This document is a summary of a printed document. The printed document may contain charts and photographs which are not reproduced in this electronic version. If you require the printed version of this document, contact the Freedom of Information Act Officer, Office of Inspector General, U.S. Department of Labor, Washington, DC 20210, or call (202) 693-5116.

This report reflects the findings of the Office of Inspector General at the time that the audit report was issued. More current information may be available as a result of the resolution of this audit by the Department of Labor program agency and the auditee. For further information concerning the resolution of this report's findings, please contact the program agency.

OIG has started using Acrobat 4.0 to prepare it's latest Audit reports. If you are experiencing problems downloading some of the larger PDF files, you may want to download the latest version of the Adobe Acrobat Reader by clicking the link provided below.

Our original audit objective was to determine whether the OFCCP Information System (OFIS) in Region IX had adequate and effective management, operational, and technical security controls in place to prevent unauthorized disclosure or modification of sensitive data, or disruption of critical services of its information systems. Based on the results of our work in Region IX, we expanded our scope to include certain computer security controls at OFCCP headquarters that impacted Region IX security controls. We found that OFCCP needs to improve its security program for the OFIS to better protect the agency's critical systems.

OFCCP had not assigned security responsibility, developed security plans for its major application or properly reauthorized application processing, as outlined in OMB Circular A-130. Although OFCCP headquarters officials told us some effort has been applied to these areas, they did not provide documentation to support the level of effort claimed. A systematically and comprehensively planned adequate, cost-effective security program for the OFIS is necessary to protect OFCCP sensitive mission data from vulnerability.

We recommended that Assistant Secretary for Employment Standards immediately (1) assign OFIS security responsibility to an OFCCP management official, and (2) require OFCCP users of the OFIS to obtain security training. In addition, we recommended that the Assistant Secretary complete the security program development for the OFIS as soon as possible.

Both ESA and OFCCP generally concurred with the recommendations and stated that corrective actions either had been or would be taken. In addition, we issued a separate letter report to the regional director recommending specific action to correct weaknesses within the regional director's purview.
Report No. 09-00-005-04-001, issued September 22, 2000

Get Complete Report

-- DISCLAIMER

Send technical comments to: Webmaster@oig.dol.gov
Comments relating to policy, content or style should be directed to rpts-coordinator@oig.dol.gov .