View PDF Document

Summary

We released our report on DOT's information security program as required by the Government Information Security Reform Act (GISRA). We found that in Fiscal Year 2002, DOT made a strong commitment to improve information security. However, more progress is needed. We found DOT still has significant challenges in key security areas including management controls, network security, system security, infrastructure-critical systems and asset protection, and personnel security. We concluded that the DOT information security program should remain a material weakness and requires continued senior management attention. DOT agreed.