Information Security and Privacy Controls Over the Airmen Medical Support Systems
On June 18, 2010 we issued our final report on the Information Security and Privacy Controls over the Airmen Medical Support Systems. For the report we determined if airmen’s personally identifiable information (PII) is properly secured from unauthorized use or access and assessed FAA’s progress in establishing mechanisms to identify airmen holding current medical certificates while receiving disability pay.
We found that the PII of airmen were not properly secured to prevent unauthorized access due to serious security lapses in FAA’s management of user access to the system, and that only limited progress has been made in identifying airmen who receive disability benefits while holding medical certificates. FAA has begun to take action to fix the weaknesses identified in this report in order to provide greater assurance that sensitive information is protected from misuse and airmen holding medical certificates are fit to fly.
This review was requested by the Chairmen of the House Committee on Transportation and Infrastructure and its Subcommittee on Aviation.