Audits

This report presents the results of our audit of computer security and controls at the USCG Operations Systems Center (OSC) conducted to help meet the statutory requirement of the Government Information Security Reform Act. We identified computer security weaknesses on personal, physical and technical security at OSC, including personnel background checks, system access control, unprotected password files and unauthorized remote access to 2 critical systems. We also identified concerns with Coast Guard’s capability to meet requirements for having critical infrastructure protected by May 2003 as required Federal regulation. While OSC has adequate firewall security to protect its private network, we found that OSC computers were vulnerable to attack by insiders and its intrusion detection capability needs to be enhanced.