Information Security: Corps of Engineers Making Improvements, But Weaknesses Continue

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 2002-06-10 monographic deposited born digital GA 1.13:GAO-02-589 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-02-589 P0b002ee18038191c f:d02589 DGPO 2010-08-12 2011-03-24 GAOREPORTS-GAO-02-589 machine generated eng fdlp REPORT GAOREPORTS-GAO-02-589 GAO-02-589 Financial analysis Financial management Financial statement audits Internal controls Computer security Systems management Financial management systems Army Corps of Engineers Financial Management System Other Written Product A03516

Information Security: Corps of Engineers Making Improvements, But Weaknesses Continue GAO tested selected general and application controls of the Corps of Engineers Financial Management System (CEFMS). The Corps relies on CEFMS to perform key financial management functions supporting the Corps' military and civil works missions. The Corps has made substantial progress in improving computer controls at each of its data processing centers and other Corps sites. The Corps had completed action on 54 of GAO's 93 previous recommendations and partially completed or had action plans to correct the remainder. During the current review, nine new weaknesses were identified and corrected. Nevertheless, continuing and newly identified vulnerabilities involving general and application computer controls continue to impair the Corps' ability to ensure the reliability, confidentiality, and availability of financial and sensitive data. Such vulnerabilities increase risks to other Department of Defense networks and systems to which the Corps' network is linked. Weaknesses in general controls impaired the Corps' ability to ensure that (1) computer risks are adequately assessed, and security policies and procedures within the organization are effective and consistent with overall organizational policies and procedures; (2) users have only the access needed to perform their duties; (3) system software changes are properly documented before being placed in operation; (4) test plans and results for application changes are formally documented; (5) duties and responsibilities are adequately segregated; (6) critical applications are properly restored in the case of a disaster or interruption; and (7) the Corps has adequately protected its network from unauthorized traffic. Application control weaknesses impaired the Corps' ability to ensure that (1) current and accurate CEFMS access authorizations were maintained, (2) user manuals reflect the current CEFMS environment, and (3) the Corps is effectively using electronic signature capabilities. https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-02-589/html/GAOREPORTS-GAO-02-589.htm GAO-02-589 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-02-589 Other Written Product GAO-02-589; Information Security: Corps of Engineers Making Improvements, But Weaknesses Continue; Financial analysis Financial management Financial statement audits Internal controls Computer security Systems management Financial management systems Army Corps of Engineers Financial Management System United States Code Title 31 Section 331 31 U.S.C. 331