The unclassified summary of DHS’ Inspector General audit of “enterprise-wide security program and practices for its Top Secret/Sensitive Compartmented Information intelligence systems” found that the “department continues to maintain an effective enterprise-wide information security management program for its intelligence systems. Overall, information security procedures have been documented and adequate security controls have been implemented.”
The report notes, however, that “management oversight and operational issues remain regarding the effectiveness of the program. We have concerns with the documentation for the Coast Guard Intelligence Support System certification and accreditation package and the information system security training and awareness program for intelligence personnel.”
DHS’ Annual Performance Plan For Fiscal Year 2011, prepared by the OIG, states that the “Annual Evaluation of DHS’ Information Security Program (Intelligence Systems) for FY 2011” is mandatory and that “[i]dentifying potential information security threats to DHS intelligence systems is key in evaluating the DHS intelligence program. The loss or compromise of DHS’ intelligence systems or can have severe consequences, affecting national security, U.S. citizens, and the department’s missions.”
The Performance Plan explains that “FISMA and the Director, Central Intelligence Directive 6/3, Protecting Sensitive Compartmented Information Within Information Systems, requirements will be used as criteria for the evaluation.”
Attached below are the unclassified summary of the OIG report and DHS’ FY ’11 Performance Plan.