"The overall objective of this audit was to determine whether the Department of the Treasury (Treasury) has developed computer security plans that will ensure that the information in Treasury computer systems is protected against loss, misuse or unauthorized access and modification. We include two findings with recommendations to assist Treasury in improving the computer security plans. First, the Deputy Assistant Secretary for Information Systems (DASIS)/Chief Information Officer (CIO) needs to update the Treasury-wide policies and guidance for the development of computer security plans and ensure that the Treasury bureaus' security plans comply with current regulations. In addition, the CIO needs to develop security plans for systems of the Departmental Offices (DO). These plans should address the current system vulnerabilities identified and be kept up-to-date. The CIO also needs to develop an information systems inventory for systems he is responsible for managing."
Department of the Treasury, Office of Inspector General, Report No. OIG-01-014
Government Printing Office: http://www.gpoaccess.gov/