Audits

We released our report on DOT's information security program as required by the Government Information Security Reform Act (GISRA). We found that in Fiscal Year 2002, DOT made a strong commitment to improve information security. However, more progress is needed. We found DOT still has significant challenges in key security areas including management controls, network security, system security, infrastructure-critical systems and asset protection, and personnel security. We concluded that the DOT information security program should remain a material weakness and requires continued senior management attention. DOT agreed.