Commerce Department cited for loose IT security practices
Inspector general says there is no evidence agency is complying with OMB security directives; more than 1000 laptops are missing
In writing his report on the Commerce Department’s information security failings, the agency’s inspector general might just as well have cut and pasted those of the other inspector generals from across the federal sector who this year found serious problems. Once again, laptops were found missing — 1,137 since 2001, 249 of which contained personally identifiable information (PII). The IG also noted that he could not determine whether Commerce had followed OMB directives on sharing personal data by, among other things, requiring double factor authentication for access to sensitive data and disconnecting inactive users. “None of the system documentation reviewed indicated that PII was stored or processed, a step needed to determine the required safeguards,” the IG reported.
-read more in Wade-Hahn Chan’s FCW report