Audit Finds Gaps in Labor Department’s Information Security, Continuous Monitoring Controls
According to KPMG’s Labor Department audit for fiscal year 2021, the issues are related to the department’s cybersecurity function maturity levels. Using the CyberScope web-based tool, auditors tested security controls for 20 systems and conducted a targeted vulnerability assessment on select devices.
Auditors identified 16 findings that focus on deficiencies in security control assessment performance, account management controls and system security plan maintenance. The findings are based on 45 notices of findings that were sent to Labor Department officials, Nextgov reported Tuesday.
Auditors offered 18 recommendations to help DOL close information security and monitoring control gaps.
One of the recommendations is for DOL’s Office of the Chief Information Officer to implement robust monitoring capabilities to assess system security. The OCIO must hold agencies accountable for identified compliance gaps.
Labor Department officials concurred with the audit’s recommendations and said the department has either addressed or developed plans to resolve open recommendations from previous audits.
The assessment was performed in accordance with the Federal Information Security Modernization Act of 2014.
Auditors said the department closed 11 open FISMA audit-related recommendations dating back to 2018.