DHS needs to improve the security posture of its cybersecurity program systems

Original publisher: Washington, DC : Dept. of Homeland Security, Office of Inspector General, [2010] OCLC Number: (OCoLC)671843588 Subject: Computer security -- Government policy -- United States. Excerpt: ... Recommendations We recommend that the NCSD Director: Recommendation # 1: Mitigate the vulnerabilities identified during the audit to secure the operating systems and applications deployed on the MOE network. Recommendation # 2: Implement a software management solution that will automatically deploy operating system and application security patches and updates on all MOE computer systems to mitigate current and future vulnerabilities. Management Comments and OIG Analysis NPPD concurred with recommendation 1. Based on NPPD's response, NCSD has mitigated the identified vulnerabilities. NCSD performed a subsequent scan of the MOE network demonstrating this mitigation and will provide the OIG with a copy of the results. OIG Analysis We agree that the steps NCSD has taken satisfy this recommendation. This recommendation will remain open until NCSD provides documentation to support that all planned corrective actions are completed. NPPD concurred with recommendation 2. Prior to the OIG engagement, NCSD began the acquisition process for a software management solution. Following the acquisition process, NCSD began testing the system, which was deployed on June 30, 2010. NCSD will be demonstrating this system for the OIG for confirmation that responsive action has been taken. OIG Analysis We agree that the steps NCSD has taken satisfy the intent of this recommendation. This recommendation will remain open until NCSD provides documentation to support that all planned corrective actions are completed. DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems Page 11