DHS Needs to Improve the Security Posture of Its Cybersecurity Program Systems
"The Department of Homeland Security Office of Inspector General was established by
the Homeland Security Act of2002 (Public Law 107-296) by amendment to the Inspector
General Act of1978. This is one of a series of audit, inspection, and special reports
prepared as part ofour oversight responsibilities to promote economy, efficiency, and
effectiveness within the department.

This report addresses whether physical and logical access controls are in place to secure
the cybersecurity program systems utilized by the National Cyber Security Division and
to ensure the integrity and reliability ofthe information it disseminates to the public and
private sectors. It is based on interviews with key management officials, as well as
system and contractor personnel, physical security evaluations, system security
vulnerability assessments, and reviews of applicable documentation.

The recommendations herein have been developed to the best knowledge available to our
office, and have been discussed in draft with those responsible for implementation. We
trust this report will result in more effective, efficient, and economical operations. We
express our appreciation to all of those who contributed to the preparation of this report. "