The Office of Inspector General (OIG) at the Department of Homeland Security (DHS) determined that DHS achieved three out of five cybersecurity functions in the Top Secret/Sensitive Compartmented Information intelligence systems for DHS. But the evaluation found deficiencies in the programs protect and recover operations. Due to the Top Secret nature of the intelligence systems, the OIG only released a brief unclassified summary of its report.
Per the Federal Information Security Modernization Act of 2014 (FISMA 2014), OIG reviewed the department’s security program and system security controls for the enterprise-wide intelligence system. And the Office of Intelligence and Analysis continues to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices.
FISMA 2014, sponsored by Sen. Thomas Carper, D-Del., reestablished the oversight authority of the Director of the Office of Management and Budget concerning agency information security policies and practices and sets forth authority for the DHS secretary to administer the implementation of such policies and practices for information systems.
The OIG made three recommendations, which were not publically disclosed, to the Office of Intelligence and Analysis to address the programs’ protect and recover function deficiencies identified in the evaluation. The Office of Intelligence and Analysis concurred with all three recommendations.