Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

OIG audit criticizes HHS access controls

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 30 Jul 2014 10:02:15 +0000 (UTC)
http://www.fiercehealthit.com/story/office-inspector-general-audit-criticizes-hhs-access-controls/2014-07-29

By Susan D. Hall
FierceHealthIT.com
July 29, 2014
The U.S. Department of Health and Human Services must improve its security procedures for granting access to physical facilities as well as computer applications and files, according to an audit from the HHS Office of Inspector General that found security controls inadequate.
The audit looked at how well the agency complied with Homeland Security Presidential Directive-12, which lays out access-management policy for government workers and contractors. It covered program and system-specific controls, encryption, change controls, Web vulnerability management and physical security.
It found five areas it categorized as high risk and one--Web vulnerabilities--as moderate risk, though it noted it was not able to fully determine whether vulnerabilities in in the Web portal test sites had already been corrected. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: