Reports Slam DHS on Data Security, Contract Oversight
Computerworld - Two newly released government reports criticize the U.S. Department of Homeland Security for data security and IT contract management shortcomings within the agency's program for controlling and monitoring the entry and visa status of foreign visitors.
The contract management report was publicly released by the Government Accountability Office last Monday, and a partially censored version of the security-related report was made available July 7 by the inspector general's office within the DHS.
The GAO said DHS officials responsible for the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program didn't establish effective financial controls for overseeing work performed on its behalf by other agencies. That includes U.S. Customs and Border Protection, which manages a system that maintains watch-list data and captures passenger arrival and departure information provided by air and sea carriers.
As a result of the oversight problems, the US-VISIT program office didn't understand exactly how much was being spent on contracts or whether the work was being done on time and within budgets, the GAO claimed in the report. It added that the DHS and the other agencies made duplicate payments on invoices and used funds designated for US-VISIT to pay for services that weren't related to the program.
The GAO recommended that DHS Secretary Michael Chertoff direct the US-VISIT program office to take steps designed to strengthen its contract management capabilities.
Room for Improvement
In a written response to the GAO, a DHS official said that although the agency disputes some of the findings in the report, it agrees with the recommendations and recognizes the need for improvement.
The other report, issued by Richard Skinner, inspector general at the DHS, said the agency hasn't properly configured a database in which personal information captured by radio frequency identification (RFID) devices is stored. The security gaps could be exploited to gain unauthorized or undetected access to sensitive data, according to the report.
In a written response, James Williams, director of the US-VISIT program, said steps have already been taken to strengthen account management procedures for the database. However, he disagreed with a recommendation that RFID-specific policies be set. Existing policies cover the security of data, whether it is collected via RFID or other technologies, he said.
Read more about it in government in Computerworld's IT in Government Knowledge Center.
US-VISIT
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
US Government Prevents Malware with Application Whitelisting
Download This Case Study Now!
Insight from an Auditor: Ensuring a Successful PCI Audit
Ensure a successful PCI audit. Watch this webcast now.
Oracle Accelerate - Not Just Smart but Timely
Download Now!
IT Governance Podcast: IT Provider Forecasts $10 Million in Savings
In this podcast, learn how OTS was able to prioritize, then deliver, on the mission-critical demands and, in the process, project $10 million...
Why BI is Ripe - Now! - For Businesses of Any Size
Download Now!
A New Approach to IT Governance
This 5-Minute Demo shows a new approach that lets IT quickly and easily realize the benefits of IT Governance.
Data in Action: Making the Planet Smarter
Register Now
Rapid Implementation: The New Age of ERP
Download Now!

