 |
| |
| |
| |
| |
| |
|
Office of Inspector General |
|
| Title: | Audit of NTSB's Information Security Program |
| Date: | October 13, 2006 |
| Type: | Audit |
| Summary: | On October 13, we issued a final report on NTSB's information security program. In FY 2006, NTSB made a concerted effort to correct security weaknesses identified in prior years. However, continued management attention is needed in several areas: (1) assessing systems risk and assigning a priority to reviewing and testing security protection of systems with a higher-risk impact on NTSB operations, (2) enforcing and following through on the newly established network security requirements, and (3) identifying systems containing sensitive personally identifiable information for proper protection. As a result, NTSB's information security program in our opinion still has a significant deficiency that should be reported as a material internal control weakness on the annual Federal Managers' Financial Integrity Act Report to OMB and Congress. |
 PDF document |