DOT Had Major Success in PIV Implementation, But Problems Persist In Other Cybersecurity Areas
This report presents the results of our annual audit of DOT’s information security program and practices required by the Federal Information Security Management Act of 2002 (FISMA), as amended. Consistent with FISMA and the Office of Management and Budget’s requirements, our audit objective was to determine the effectiveness of DOT’s information security program and practices. DOT has made significant progress in implementing the use of personal identity verification cards. However, the Department’s information systems remain vulnerable to serious security threats due to deficiencies in policies and procedures, enterprise controls, system controls, and management of known security weaknesses. We made recommendations to address these issues. To post the report on our Web site, we have redacted sensitive information.