FISMA 2012: Ongoing Weaknesses Impede DOT’s Progress Toward Effective Information Security
On November 14, 2012, we issued our report presenting the results of our annual audit of the Department’s information security program and practices, as required by the Federal Information Security Management Act of 2002 (FISMA). Consistent with FISMA and OMB requirements, our overall audit objective was to determine the effectiveness of DOT’s information security program and practices. We found that DOT has made improvements to its security controls. For example, it enhanced the Department’s cyber security policy and guidance. However, the Department has not implemented many of the recommendations we made over the past several years that would permit it to meet Federal IT security requirements. As a result, the Department’s information systems remain vulnerable to serious security threats and risks due to continued deficiencies in DOT’s information security procedures, controls, and remediation measures. We are making new recommendations to address these deficiencies. DOT's Acting Chief Information Officer will provide a description, along with milestone dates, of the specific actions to implement these recommendations.