View PDF Document

Summary

The objective of this audit is to determine whether FAA computer security over Air Traffic Control En-Route Center operations is adequate to ensure the integrity, confidentiality, and availability of critical air traffic control systems. We will evaluate whether (1) FAA has adequate management oversight of National Airspace System security and infrastructure protection to meet the requirements of Presidential Decision Directive 63, which called for identifying critical infrastructure systems and establishing plans to protect them by May 2003; (2) network entry points into en-route systems are adequately secured and monitored; (3) proper technical, physical, and personnel security is implemented; (4) configuration management controls are in place to ensure that only authorized changes can be made to en?route systems, including local adaptations; and (5) adequate business continuity and contingency plans are in place.