[ISN] Computer Security Lacking At State DMVs - GAO Report

From: InfoSec News (isnat_private)
Date: Mon Mar 18 2002 - 23:40:29 PST

  • Next message: InfoSec News: "[ISN] Security Bug Disclosure Standard Dead In The Water"

    By Staff, Newsbytes
    18 Mar 2002, 5:18 PM CST
    Most state motor vehicle departments don't do enough to protect Social
    Security numbers from hackers, the federal government's investigative
    arm said today.
    The findings were part of a General Accounting Office (GAO) study that
    examined state DMV compliance with a federal law that requires states
    to harvest Social Security numbers from driver's license applications
    to aid in the collection of past due child support payments.
    The GAO found that although most motor vehicle agency officials
    believe that the Social Security numbers stored on their agency's
    computers were safe from unauthorized access, officials in 40 states
    also reported that their computer security programs lacked the basic
    components of information security plans, audits, access monitoring,
    and policies for password selection and use.
    The GAO also found that no guidelines exist regarding the components
    that motor vehicle agencies should include in their computer security
    The report, submitted to the House Ways and Means Subcommittee on
    Human Resources at the chairman's request, makes no recommendations to
    remedy the problem, primarily because no federal agency is responsible
    for overseeing computer security at state motor vehicle agencies.
    The GAO is at http://www.gao.gov
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 02:26:22 PST