IG: Interior fails to comply with FISMA again

The Department of the Interior has once again failed to comply with the Federal Information Security Act in fiscal 2009, the department's inspector general said last week. A new IG report blamed a decentralized organization structure, fragmented IT governance processes, lack of oversight, bureau resistance to departmental guidance and use of under-qualified personnel to perform significant IT securities duties.

"These serious flaws significantly negate the benefit of the $182 million spent on IT security in FY 2009 and the efforts of the 677 employees and contractors fully devoted to information security across the department," the IG wrote in Interior's annual FISMA assessment report.

One big problem is allowing chief information officers at Interior to delegate IT security responsibility to regional managers, the report said. "Delegating authority from the department CIO has resulted in multiple layers of bureaucracy that impede achieve of results and drive up costs," the report added.

The IG's recommendations to fix the problem include:

* Realigning the department CIO to report directly to the Interior secretary.

* Consolidating and centralizing significant IT security duties to improve consistency, enhance efficiency and reduce costs.

For more on the Interior Department and FISMA:
- see this govinfosecurity.com article

Related Articles:
Agencies must submit FISMA reports online