DOT Has Made Progress but Significant Weaknesses in Its Information Security Remain
This report presents the results of our annual audit of DOT’s information security program and practices, as required by the Federal Information Security Management Act of 2002 (FISMA). Consistent with FISMA and the Office of Management and Budget’s (OMB) requirements, our audit objective was to determine the effectiveness of DOT’s information security program and practices. We provided these results to OMB via its Website. DOT made additional improvements to its program, but the Department’s systems are still vulnerable to serious threats due to deficiencies in policies and procedures, enterprise-level controls, system controls, and management of known security weaknesses. We made recommendations to address these issues.