Assessment of the Department of State's Connection Approval Process, Independent Validation and Verification Protocol, and System Certification and Accreditation Process (AUD/FM-03-30) - SUMMARY
Beginning in 1977, in its independent auditor’s report on the Department’s financial statements, a contract auditor reported a material weakness related to information system security. The Department stated that two recommended corrective actions for this material weakness would be addressed as part of its process to implement OpenNet Plus, which would constitute a program of system vulnerability and mitigation.
At the direction of the Office of Inspector General, an external systems contractor reviewed the Department’s OpenNet Plus connection approval process, including the independent validation and verification protocol, and the system certification and accreditation process. The systems contractor found that, although the connection approval process was a positive step, it was not sufficient to constitute a program of system vulnerability assessment and mitigation. In addition, the Department had not established a Department-specific certification and accreditation process.
|