Computer Security of FTA's Grant Management and Payment Systems
We issued an audit report on the computer security and controls over three FTA computer systems that support grant management and payment processing. These systems are used to support approval, monitoring, and payment of over $7 billion of annual FTA and FAA grants. We found weaknesses in security planning and management, access controls, system change controls, and business continuity planning. We made recommendations to enhance security planning and testing, strengthen user access to both systems and the computer room, identify software vulnerabilities, increase oversight of system changes, enhance contingency plans, and conduct disaster recovery testing at the designated recovery site. The audit was conducted by KPMG LLP of Washington, DC, under contract to OIG.