DOT Information Security Program
We issued our final report on the annual audit of the Department of Transportation’s Information Security Program as required by the Federal Information Security Management Act (FISMA). During FY 2004, DOT made a concerted effort to correct weaknesses identified during previous years. However, we found that the CIO office and Operating Administrations need to better coordinate IT budget requests in order to clearly describe the sources and uses of IT funds; the quality of security certification reviews need to be improved; and air traffic control system security must be enhanced. We made several recommendations to the DOT CIO to improve IT management controls; network and Internet (web) security; system security certification reviews; air traffic control system security, and system contingency planning.