[TEXT ONLY] |
![]()
|
||
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
This document is a summary of a printed document. The printed document may contain charts and photographs which are not reproduced in this electronic version. If you require the printed version of this document, contact the Freedom of Information Act Officer, Office of Inspector General, U.S. Department of Labor, Washington, DC 20210, or call (202) 693-5116. This report reflects the findings of the Office of Inspector General at the time that the audit report was issued. More current information may be available as a result of the resolution of this audit by the Department of Labor program agency and the auditee. For further information concerning the resolution of this report's findings, please contact the program agency. OIG has started using Acrobat 4.0 to prepare it's latest Audit reports. If you are experiencing problems downloading some of the larger PDF files, you may want to download the latest version of the Adobe Acrobat Reader by clicking the link provided below.
Our original audit objective was to determine whether the
OFCCP Information System (OFIS) in Region IX had adequate and effective
management, operational, and technical security controls in place to
prevent unauthorized disclosure or modification of sensitive data, or
disruption of critical services of its information systems. Based on the
results of our work in Region IX, we expanded our scope to include certain
computer security controls at OFCCP headquarters that impacted Region IX
security controls. We found that OFCCP needs to improve its security
program for the OFIS to better protect the agency's critical
systems.
OFCCP had not assigned security responsibility, developed
security plans for its major application or properly reauthorized
application processing, as outlined in OMB Circular A-130. Although OFCCP
headquarters officials told us some effort has been applied to these
areas, they did not provide documentation to support the level of effort
claimed. A systematically and comprehensively planned adequate,
cost-effective security program for the OFIS is necessary to protect OFCCP
sensitive mission data from vulnerability.
We recommended that Assistant Secretary for Employment
Standards immediately (1) assign OFIS security responsibility to an OFCCP
management official, and (2) require OFCCP users of the OFIS to obtain
security training. In addition, we recommended that the Assistant
Secretary complete the security program development for the OFIS as soon
as possible.
Both ESA and OFCCP generally concurred with the
recommendations and stated that corrective actions either had been or
would be taken. In addition, we issued a separate letter report to the
regional director recommending specific action to correct weaknesses
within the regional director's purview. |
Privacy and Security Statement -- DISCLAIMER
Send technical comments to:
Webmaster@oig.dol.gov
|