Security Weakness In DOT's Common Operating Environment Expose Its Systems and Data To Compromise
On September 10, 2013, we issued our self-initiated report on the Department of Transportation (DOT) Common Operating Environment (COE) information security controls. The COE provides Operating Administrations (OAs) at the Department's Headquarters in Washington, DC, with IT services, such as data storage, email and web application access, and database services. The COE also provides a centralized environment for applications that OAs use in support of their operations.
The objective of this audit was to determine the effectiveness of COE's information security controls, including whether or not DOT COE is as safe from compromise as possible and what, if any, security vulnerabilities the COE contains. Sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552, has been redacted and we have marked the document as FOR OFFICIAL USE ONLY. The redacted version is posted to our website.