FISMA: 2013 DOT Has Made Progress, But Its Systems Remain Vulnerable To Significant Security Threats
On November 22, 2013, we issued our report that presents the results of our annual audit of the DOT’s information security program and practices, as required by the Federal Information Security Management Act of 2002 (FISMA). Consistent with FISMA and OMB requirements, our audit objective was to determine the effectiveness of DOT’s information security program and practices. Also, as required by OMB, we provided our results to OMB via its Website. DOT has made some progress in its information security program, but its systems remain vulnerable to significant security threats due to deficiencies in policies and procedures, enterprise-level controls, system controls, and management of known security weaknesses. We are making new recommendations to address these matters.