A new audit from the Department of Treasury’s Inspector General found a number of IT security flaws around the agency’s management of collateral national security systems.
The report documents a range of sloppy or incomplete IT security control practices for IT systems that support national security functions and run afoul of cybersecurity requirements detailed by the Federal Information Security Management Act and National Institute for Standards and Technology, as well as internal departmental guidance.
In an attached letter, Larissa Klimpel, director of the cyber and information technology audit team, said the audit demonstrated that substantial elements of Treasury’s information security program for collateral national security systems were “not effective.”
