http://www.gcn.com/vol1_no1/daily-updates/37284-1.html By Wilson P. Dizard III GCN Staff 10/11/05 The Energy Department's inspector general has found fault with cybersecurity procedures in the Federal Energy Regulatory Commission's unclassified cybersecurity program. In a report [1] issued today, the IG noted that FERC officials have continued to improve their cybersecurity program, and cited improvements since a previous review in 2002. However, the IG staff found several areas in which FERC was deficient, including: * Access controls had in some cases not been implemented via strong password management * Some software with known security flaws was not replaced, and some users were at times provided access at higher levels than their duties required * Not all cybersecurity weaknesses were traced and resolved. Auditors said FERC had overlooked the problems because officials had failed to complete compliance evaluations required by general federal requirements and agency-specific rules. The report, however, omitted information on specific vulnerabilities and how they might be fixed. FERC management said that it generally concurred with the IG's findings and recommendations. [1] http://www.ig.doe.gov/pdf/ig-0704.pdf _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Oct 11 2005 - 21:40:54 PDT