Audit of the Data Integrity of the Commercial Driver's License Information System
On July 30, 2009, we issued our report on the audit of the Data Integrity of the Commercial Driver’s License Information System (CDLIS), as required by the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA−LU). This audit addressed the validity of CDLIS data and security issues. We assessed: (1) whether convictions received from the courts were recorded in a timely manner, (2) whether CDLIS and state department of motor vehicles (DMV) systems were adequately secured, and (3) the adequacy of contingency plans to ensure continued CDLIS service to DMVs following a disaster or other emergency. FMCSA has taken measures to strengthen the CDL program, but additional action is necessary to increase the safety of the Nation’s highways. First, DMVs are still experiencing delays in posting convictions to their driver history records for CDLIS users’ access. Second, deficiencies in security controls persist. Specifically, system certification and accreditation reviews have not been completed, and states lag in developing and implementing comprehensive security policies and procedures to better protect DMV systems. Third, enhanced contingency planning and testing of both CDLIS–Access and state DMV systems has not fully occurred. We made specific recommendations to address these weaknesses. The Acting Deputy Administrator, Federal Motor Carrier Safety Administration concurred with our findings and recommendations, and has provided plans to take specific actions to implement them.