[ GRAPHIC ]
[
Search
]
THE OFFICE OF FEDERAL CONTRACT COMPLIANCE INFORMATION SYSTEM SECURITY NEEDS IMPROVEMENT
Information obtained from the Internet may not be in the same format as a hard
copy obtained from the Office. Depending on the requester, the quantity of
information provided may also vary. In order to appeal any deleted information
received via the Internet, you must make a formal written request for the same
material. Further, some of the audit reports issued prior to FY 1998 may no longer
be available. They may have been destroyed in accordance with our records
retnetion schedule. However, any request for audit reports or other audit materials
should be sent to the OIG, Disclosure Officer, Room S1303, 200 Constitution
Avenue, N.W., Washington, D. C. 20210.
Unless otherwise stated, the audit reports provided on this web page reflect the
findings of the OIG at the time that the audit report was issued. The auditee may
have more current information available as a result of audit resolution activities.
The OIG is using Adobe Acrobat 4.0 to prepare its audit reports for the internet. If
you experience problems accessing the PDF files, you may want to download the latest
version of the Adobe Acrobat Reader by clicking on the link provided.
[
Link to Acrobat 4.0 Reader
]
OFCCP had not assigned security responsibility, developed
security plans for its major application or properly reauthorized
application processing, as outlined in OMB Circular A-130. Although OFCCP
headquarters officials told us some effort has been applied to these
areas, they did not provide documentation to support the level of effort
claimed. A systematically and comprehensively planned adequate,
cost-effective security program for the OFIS is necessary to protect OFCCP
sensitive mission data from vulnerability.
We recommended that Assistant Secretary for Employment
Standards immediately (1) assign OFIS security responsibility to an OFCCP
management official, and (2) require OFCCP users of the OFIS to obtain
security training. In addition, we recommended that the Assistant
Secretary complete the security program development for the OFIS as soon
as possible.
Both ESA and OFCCP generally concurred with the
recommendations and stated that corrective actions either had been or
would be taken. In addition, we issued a separate letter report to the
regional director recommending specific action to correct weaknesses
within the regional director's purview.
[
Get Complete Report
PDF ] 7 pp. {20 k}
Our original audit objective was to determine whether the
OFCCP Information System (OFIS) in Region IX had adequate and effective
management, operational, and technical security controls in place to
prevent unauthorized disclosure or modification of sensitive data, or
disruption of critical services of its information systems. Based on the
results of our work in Region IX, we expanded our scope to include certain
computer security controls at OFCCP headquarters that impacted Region IX
security controls. We found that OFCCP needs to improve its security
program for the OFIS to better protect the agency's critical
systems.
Report No. 09-00-005-04-001, issued September 22, 2000
[
2000 Reports
]
[ 1999 Reports ]
[ 1998 Reports ]
[ Prior to 1998 ]
GO TO --
[ Audit Process ]
[ Audit Reports ]
[ FOIA ]
[ Staff Listings ]
[
OIG Hotline
]
[ Privacy and Security Statement ]
[ DISCLAIMER ]
Send technical comments to: [ Webmaster@oig.dol.gov. ]
Comments relating to policy, content or style should be directed to: [ rpts-coordinator@oig.dol.gov ]
[ OA Home Page ]
[ DOL Home Page ]
[ OIG Home Page ]
[
Top of Document
]