The Labor Department's information security is falling short, especially when it comes to IT governance, according to a recent audit.
In its review of the department’s compliance with the Federal Information Security Modernization Act, the Office of Inspector General found that tools for monitoring software and hardware on the network weren’t used, patches weren’t implemented and audit logs weren’t reviewed. Additionally, DOL had not defined incident response technologies.
Most troubling, however, were Labor’s IT governance shortcomings, according to the OIG.
For example, vulnerability scans revealed that critical weaknesses weren’t addressed in a timely manner -- and the Office of the Chief Information Officer couldn’t provide five weeks’ worth of scanning reports when requested.
The OCIO was also unable to access a system to monitor audit logs and lacked tools to authorize which hardware and software could connect to the network.
That lack of oversight increases the risk of compromise to the agency's information systems, the OIG warned.