Audit finds FEMA laptops lack proper security settings

The Federal Emergency Management Agency needs better policies and procedures for safeguarding its inventory of 32,000 laptop computers from unauthorized users, according to a recent audit report.

The partially redacted 37-page report from the Homeland Security Department's inspector general said that without the proper security configurations, sensitive data on the laptops might be at risk.

The audit was conducted in the wake of 16 security incidents involving stolen or missing DHS laptop computers in 2006. The IG and the Government Accountability Office reported last summer that FEMA had more than 100 missing and presumed stolen laptops valued at $300,000.

For the recent review, auditors tested a sample of 298 FEMA laptops. Deficiencies included failure to apply security settings that met mandatory standards, and a lack of procedures for installing software security updates.

Because FEMA applied the same security policies for its desktop computers, the configuration weaknesses identified with laptop computers apply to all government-issued computers at the agency, the IG found.

FEMA has not classified its laptop computers as part of a recognized information technology system, so auditors were unable to evaluate whether the agency was compliant with requirements of the 2002 Federal Information Security Management Act.

To secure data stored on government-issued laptop computers, auditors recommended that FEMA's chief information officer, Anthony Cira, develop and implement a standard security setting for all agency computers. The agency also should fix existing "critical vulnerabilities" identified on the laptop computers tested by the auditors and check to see whether other laptops have similar weaknesses, the IG said.

In a heavily redacted section of the report, auditors outlined how many of the computers tested had not received the most recent security software updates. FEMA officials concurred with the IG's recommendation in that area, by agreeing to implement an automated software patch management system.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.