"In 2010, the Office of Management and Budget designated the Department of Homeland Security (DHS) with the primary responsibilities of overseeing the Federal-wide information security program and evaluating its compliance with the 'Federal Information Security Management Act of 2002'. The National Protection and Programs Directorate (NPPD), which is primarily responsible for fulfilling DHS security missions, assumed this responsibility for the Department. Subsequent to the President's issuance of Executive Order 13618 in July 2012, NPPD's Office of Cybersecurity and Communications was reorganized in an effort to promote security, resiliency, and reliability of the Nation's cyber and communications infrastructure. We audited NPPD to determine whether the Office of Cybersecurity and Communications has implemented its additional cybersecurity responsibilities effectively to improve the security posture of the Federal Government. […] Although actions have been taken, NPPD can make further improvements to address its additional cybersecurity responsibilities. For example, the Federal Network Resilience division must develop a strategic implementation plan to define its long-term goals on improving agencies' information security programs. Further, increased communication and coordination with Government agencies can improve the 'Federal Information Security Management Act' reporting process. Finally, NPPD must address deficiencies in maintaining and tracking the training records of CyberScope contractor personnel and implement the required DHS baseline configuration settings. We are making six recommendations to the Acting Assistant Secretary, Office of Cybersecurity and Communications. NPPD concurred with all recommendations and has begun to take actions to implement them."
Department of Homeland Security, Office of Inspector General, Report No. OIG-13-95
U.S. Dept. of Homeland Security, Office of Inspector General: http://www.oig.dhs.gov/