The Transportation Department has the second lowest maturity level for its information security systems and its cybersecurity functions are lacking, according to its inspector general.
In its yearly report of DOT's compliance with the Federal Information Security Management Act, the inspector general found that all of DOT's function areas -- identify, protect, detect, respond and recover -- have weaknesses.
The five function areas fall at the Defined maturity level, which is the second lowest level of maturity in the model for information security. While the agency has mostly formalized and documented its policies and procedures in all function areas, it still has some policy gaps, the IG said.
These insufficiencies increase the likelihood of DOT's information or systems suffering from compromises that "disrupt operations, impair safety, expose private data, or put tax dollars at risk," the report said.
To address these inadequacies, the IG made a dozen recommendations to the agency chief information officer. Top among them: create policies and processes to confirm the accuracy of DOT's key FISMA information tool, conduct annual cybersecurity performance analysis reviews of operating administrations' cybersecurity programs, and ensure DOT has an accurate inventory of cloud systems, contractor systems and websites the public can access.