Advanced search Help
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
Military Personnel: DFAS Has Not Met All Information Technology Requirements for Its New Pay System
In early January 2003, GAO initiated a review of the Defense Integrated Military Human Resource System (DIMHRS). In April 2003 the Department of Defense (DOD) authorized the Defense Finance and Accounting Service (DFAS) to initiate a pilot project to demonstrate its ability to develop an interim military pay system, called Forward Compatible Military Pay, before DIMHRS is fully operational. DFAS maintains that an interim system should be developed as soon as possible for two reasons: (1) the planned personnel and pay system that DOD is currently developing as part of the larger DIMHRS will be implemented later than its projected target date of December 2006 and (2) the current military pay system--the Defense Joint Military Pay System--is aging, unresponsive, and fragile and has become a major impediment to efficient and high quality customer service. Since the planned interim Forward Compatible Military Pay system is considered an information technology acquisition program under DOD Acquisition Regulations, DFAS must comply with specific legal and administrative requirements before moving forward with the development of this project. DFAS has not complied with specific legal and administrative requirements applicable to DOD's information technology investments. Because DFAS has not submitted the forward pay proposal to the responsible domain, the DOD Comptroller has not met its responsibility under the authorization act to ensure compliance with the Business Enterprise Architecture. By failing to complete all required studies and analyses, DOD lacks assurance that it is meeting its goal of making quality information technology investments, as required.
United States. General Accounting Office
2003-10-20
-
Policy, Intelligence, and the Billion-Dollar Petroglyph
The pressure for corporate intelligence consensus is as great as the pressure for corporate policy consensus. The policy and intelligence processes are different but not separate. Intelligence is defined through analysis, and policy is defined through implementation. New policy can focus intelligence analysis, and new intelligence may influence policy changes. The relationship is dynamic, and exchanges are not necessarily sequential but invariably interactive. This interaction is not always harmonious; indeed, often it is a troubled road characterized by the need for reduction, the intrusion of bias, and the vagaries of a vast collection and processing subculture. Too often the policy/intelligence relationship, particularly in the defense establishment, is viewed idealistically, and this romantic view undermines the very process of effective interaction. Ideally, policy and intelligence are collegial partners in pursuit of larger national security goals. In practice, intelligence is somewhat of a junior partner with, what may be, a self-imposed image problem. Traditional suggestions for improving the quality of military intelligence support to the national security debate have focused on resource augmentation. Improved outcomes are inexorably, and often inexplicably, tied to more dollars and more sophisticated collection technology. This document discusses what would improve intelligence most in the defense arena. There are three shifts in emphasis that require little or no new resources: a better understanding of the corporate personality of policymakers; a recognition of the role that bias plays in policy formulation and intelligence analysis; and a change in the image of the intelligence process, coupled to an upgrade in the stature of intelligence managers.
Air University (U.S.). Press
Donovan, G. Murphy
1986
-
NSA/CSS Strategic Plan 2001-2006
Intelligence and information systems security complement each other. Intelligence gives the Nation an information advantage over its adversaries. Information systems security prevents others from gaining advantage over the Nation. Together the two functions promote a single goal: information superiority for America and its allies. NSA/CSS used technology to help win the Cold War, building a stable, well-funded, focused organization that provided a unique product to decision makers. As the preeminent information organization in the Industrial Age, they provided and protected the Nation's secrets. But the proliferation of information technologies and the emergence of the global network have begun to transform the world, altering fundamental ways of thinking and communicating. Old patterns are giving way to agile and collaborative processes and technologies. Old methods of behavior and communication still exist, but the future is clear. If NSA/CSS is to continue to serve the Nation by providing and protecting vital information, they must embrace change and resume our place on the forward edge of technology. NSA/CSS must master and operate in the global net of tomorrow. This plan outlines the goals of the NSA/CSS up to the year 2006.
United States. National Security Agency
-
Elemental Mercury (HG) Chemical Protocol
Very comprehensive description of the chemical agent, with coverage on many important aspects, including information on routes of exposure, sources and uses, exposure limits, physical characteristics, patient management, decontamination and treatment, incident reporting. Synonyms include colloidal mercury, quicksilver, liquid silver, metallic mercury, and hydrargyrum.
United States. Department of Health and Human Services
2000
-
Formaldehyde (HCHO) Chemical Protocol
Very comprehensive description of the chemical agent, with coverage on many important aspects, including information on routes of exposure, sources and uses, exposure limits, physical characteristics, patient management, decontamination and treatment, incident reporting. Synonyms include formalin, formic aldehyde, methanal, methyl aldehyde, methylene oxide, oxomethane,and paraform.
United States. Department of Health and Human Services
2000
-
Ethylene Glycol (C2 H6 O2) Chemical Protocol
Very comprehensive description of the chemical agent, with coverage on many important aspects, including information on routes of exposure, sources and uses, exposure limits, physical characteristics, patient management, decontamination and treatment, incident reporting. Synonyms include 1,2-dihydroxyethane, 1,2-ethanediol, 2-hydroxyethanol, ethylene alcohol, glycol,
glycol alcohol, monoethylene glycol, and ethylene dihydrate. Ethylene glycol is sold under a variety of brand names as automobile radiator antifreeze. It should not be confused with ethylene glycol ethers,which are a different group of chemicals.
United States. Department of Health and Human Services
2000
-
Gasoline (Mixture) Chemical Protocol
Very comprehensive description of the chemical agent, with coverage on many important aspects, including information on routes of exposure, sources and uses, exposure limits, physical characteristics, patient management, decontamination and treatment, incident reporting. Synonyms include gas, petrol, casing head gasoline, motor spirit, natural gasoline, and motor fuel.
United States. Department of Health and Human Services
2000
-
Ethylene Dibromide (C2H4Br2) Chemical Protocol
Very comprehensive description of the chemical agent, with coverage on many important aspects, including information on routes of exposure, sources and uses, exposure limits, physical characteristics, patient management, decontamination and treatment, incident reporting. Synonyms include 1,2-dibromoethane, glycoldibromide, and bromofume.
United States. Department of Health and Human Services
2000
-
Nuclear Security: Federal and State Action Needed to Improve Security of Sealed Radioactive Sources, Report to the Ranking Minority Member, Subcommittee on Financial Management, the Budget, and International Security, Committee on Governmental Affairs, U.S. Senate
Sealed radioactive sources, radioactive material encapsulated in stainless steel or other metal, are used worldwide in medicine, industry, and research. These sealed sources could be a threat to national security because terrorists could use them to make "dirty bombs." GAO was asked to determine (1) the number of sealed sources in the United States, (2) the number of sealed sources lost, stolen, or abandoned, (3) the effectiveness of federal and state controls over sealed sources, and (4) the Nuclear Regulatory Commission (NRC) and state efforts since September 11, 2001, to strengthen security of sealed sources. The number of sealed sources in the United States is unknown because NRC and states track numbers of licensees instead of individual sealed sources. In addition, since 1998, more than 1,300 incidents have taken place in the United States where sealed sources have been lost, stolen, or abandoned. Users of certain devices containing sealed sources are not required to apply to NRC for a license. Security for sealed sources varied among the facilities GAO visited in 10 states. Also, a potential security weakness exists in NRC's licensing process to obtain sealed sources. NRC has been developing additional security measures since the attacks, and issued the first security order to large facilities that irradiate such items as medical supplies and food. NRC and states disagree over the appropriate role of states in efforts to improve security. Over 80 percent of states responding to our survey feel they should be given responsibility to inspect and enforce security measures.
United States. General Accounting Office
2003-08-06
-
Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors, Report to the Committee on Energy and Commerce, House of Representatives
"The explosive growth of computer interconnectivity is transforming the workings of our nation, its government, and its critical infrastructures. But with the enormous benefits of this interconnectivity comes a threat: both physical and cyber assets are potentially vulnerable to computerbased attack. In response, Presidential Decision Directive 63 (PDD 63, May 1998) called for a range of actions to improve the nations ability to detect and respond to serious infrastructure attacks. For specific agencies under the Committee on Energy and Commerces jurisdiction and for private-sector organizations for which these agencies have responsibilities, GAO was asked, among other things, to assess their progress and challenges in undertaking critical infrastructure protection (CIP) activities. GAO recommends that the agencies take steps to complete the identification and analysis of their critical assets, including setting milestones and developing plans to address vulnerabilities. GAO also recommends that selected sectors lead agencies assess the need for public policy tools to encourage increased private-sector CIP activities. In its comments on a draft of this report, HHS concurred with recommended agency activities. Technical comments by other agencies and private-sector entities were also addressed, as appropriate."
United States. General Accounting Office
2003-02
-
Invasive Species: State and Other Nonfederal Perspectives on Challenges to Managing the Problem
Invasive species--harmful, nonnative plants, animals, and microorganisms--are found throughout the United States and cause damage to crops, rangelands, waterways, and other ecosystems that is estimated to cost in the billions of dollars annually. In addition to their economic costs, invasive species are the second most serious threat to endangered species after habitat destruction. This report provides the final results of GAO's spring 2003 survey of state agencies involved in efforts to address invasive species and members of the Invasive Species Advisory Committee (ISAC). The report focuses on state perspectives on (1) gaps in, or problems with, federal legislation addressing invasive species, (2) barriers to managing invasive species, (3) effective leadership structures for addressing invasive species, and (4) integrating federal aquatic and terrestrial invasive species legislation and the potential gains and drawbacks of such legislation. State officials identified several legislative gaps or problems with existing legislation intended to address invasive species: the lack of requirements for controlling invasive species that are already established or widespread; the lack of consideration of invasive species in international trade agreements; and the lack of federal funding for state invasive species efforts. State officials' opinions on effective federal leadership structures for managing invasive species varied. Many state officials indicated that the possible gains of integrated legislative authority would be an increased focus on invasive species pathways, as opposed to specific species, and increased coordination between federal agencies and states.
United States. General Accounting Office
2003-09-05
-
Information Security: Challenges in Using Biometrics: Testimony by Keith A. Rhodes, Chief Technologist, Applied Research and Methods, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, Committee on Government Reform, House of Representatives
One of the primary functions of any security system is the control of people into or out of protected areas, such as physical buildings, information systems, and our national border. Technologies called biometrics can automate the identification of people by one or more of their distinct physical or behavioral characteristics. Last year, GAO conducted a technology assessment on the use of biometrics for border security. GAO was asked to testify about the issues that it raised in the report on the use of biometrics in the federal government, and the current state of the technology. Biometric technologies are available today that can be used in security systems to help protect assets. However, technology and people must work together as part of an overall security process. GAO found that three key considerations need to be addressed before a decision is made to design, develop, and implement biometrics into a security system: (1) decisions must be made on how the technology will be used; (2) a detailed cost-benefit analysis must be conducted to determine that the benefits gained from a system outweigh the costs; and (3) a trade-off analysis must be conducted between the increased security, which the use of biometrics would provide, and the effect on areas such as privacy and convenience. Security concerns need to be balanced with practical cost and operational considerations as well as political and economic interests.
United States. General Accounting Office
2003-09-09
-
Electronic Government: Challenges to the Adoption of Smart Card Technology Testimony by Joel C. Willemssen, Managing Director, Information Technology Issues before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee on Government Reform, House of Representatives
"The federal government is increasingly interested in the use of smart cards--credit-card-like devices that use integrated circuit chips to store and process data--for improving the security of its many physical and information assets. GAO was asked to testify on the results of implementing the use of smart cards across the federal government, including the challenges to successful adoption of smart cards throughout the federal government, as well as the government's progress in promoting this smart card adoption. To successfully implement smart card systems, agency managers have faced a number of substantial challenges: sustaining executive-level commitment in the face of organizational resistance and cost concerns; obtaining adequate resources for projects that can require extensive modifications to technical infrastructures and software; integrating security practices across agencies; achieving smart card interoperability across the government; and maintaining the security of smart card systems and the privacy of personal information. GSA assists agencies in assessing the potential of smart cards and in implementation. OMB is beginning to develop a framework of policy guidance for governmentwide smart card adoption. In a July 2003 memorandum, OMB described a three-part initiative on authentication and identity management in the government, consisting of (1) developing common policy and technical guidance; (2) executing a governmentwide acquisition of authentication technology, including smart cards; and (3) selecting shared service providers for smart card technology. These efforts address the need for consistent, up-to-date standards and policy on smart cards, but much work remains before common credentialing systems can be successfully implemented across government agencies."
United States. General Accounting Office
2003-09-09
-
Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities, Statement of Robert F. Dacey, Director, Information Security Issues, Testimony before the Subcommittee on Technology Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform
"Attacks on computer systems--in government and the private sector--are increasing at an alarming rate, placing both federal and private-sector operations and assets at considerable risk. By exploiting software vulnerabilities, hackers can cause significant damage. While patches, or software fixes, for these vulnerabilities are often well publicized and available, they are frequently not quickly or correctly applied. The federal government recently awarded a contract for a government wide patch notification service designed to provide agencies with information to support effective patching. Forty-one agencies now subscribe to this service. At the request of the Chairman of the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and
the Census, GAO reviewed (1) two recent software vulnerabilities and related responses; (2) effective patch management practices, related federal efforts, and other available tools; and (3) additional steps that can be taken to better
protect sensitive information systems from software vulnerabilities."
United States. General Accounting Office
2003-09-10
-
Security: Counterfeit Identification and Identification Fraud Raise Security Concerns, Testimony by Robert J. Cramer, Managing Director, Office of Special Investigations, before the Senate Committee on Finance
This testimony summarizes some of our recent investigations that demonstrate security vulnerabilities that exist because counterfeit identification can be easily produced and used to create fraudulent identities. It is based in part on the recently issued restricted report Security: Vulnerabilities Found in Driver's License Applications Process. This also encompasses results from security tests GAO has performed over the past 3 years. These tests revealed security weaknesses at federal buildings and other facilities, airports and our nation's borders, and exposed identity fraud vulnerabilities in both the Social Security number (SSN) application process and in the administration of federal gun control laws. A number of these problems have been addressed by the responsible agencies. In summary, GAO found that (1) government officials generally did not recognize the documents presented as counterfeits, (2) some government officials failed to follow security procedures and were not alert to the possibility of identity fraud, and (3) identity verification procedures are inadequate. GAO's investigations revealed that homeland security is vulnerable to identity fraud and, unless action is taken, individuals who intend to cause harm can easily exploit these vulnerabilities. Additionally, identify fraud has a range of other consequences including potential fraud in voting, obtaining credit and federal benefits, and in many other areas.
United States. General Accounting Office
2003-09-09
-
Homeland Security at the FCC
At the July 10, 2003, Commission meeting, HSPC Director, Marsha MacBride, presented a report on the Commission's homeland security efforts, accomplishments, and plans.]
United States. Federal Communications Commission
MacBride, Marsha
2003-07-10
-
Energy Markets: Additional Actions Would Help Ensure That FERC's Oversight and Enforcement Capability is Comprehensive and Systematic
In June 2002, GAO reported that the Federal Energy Regulatory Commission (FERC) had not yet adequately revised its regulatory and oversight approach for the natural gas and electricity industries' transition from regulated monopolies to competitive markets. GAO also concluded that FERC faced significant human capital challenges to transform its workforce to meet such changes. In responding to the report, FERC said that the new Office of Market Oversight and Investigations OMOI) it was creating and human capital improvements under way would address these concerns. GAO was asked to report on FERC's progress in (1) establishing an oversight and enforcement capability for competitive energy markets and (2) improving agency-wide human capital management
United States. General Accounting Office
Haas, Dan; Wells, Jim
2003-08-15
-
Steganographic Computer Warfare
Computer technology permeates every aspect of our daily operations. As this dependence increases, users become more susceptible to attacks. This threat comes largely from computer viruses, which fall under the Information Warfare domain. Steganography's goal is to conceal information, in plain sight. Although steganography tools have been around for several years, their true potential continues to be explored. This resurgence in steganography combined with the aforementioned computer virus threat raises potential risks. This research attempts to determine strategies that can be used automatically to decode a steganography file. Emphasis is placed on automated techniques and is not specific to any steganography application. The primary objective of this thesis is to explore and assess computer systems' vulnerability to steganographic virus attacks. The results indicate that steganography tools are not conducive to be sole attack weapons. However, the tools combined with other applications could be used to automatically extract the hidden information with minimal user intervention. The research examined the current state of steganography tool capabilities with regard to computer virus implementations. Coupling these two technologies can result in a very deceptive and powerful IW attack and pose a significant risk to the United States government and our national information infrastructure.
Air Force Institute of Technology (U.S.)
Cochran, Jordon T.
2000-03
-
Nuclear Weapons: Opportunities Exist to Improve the Budgeting, Cost, Accounting, and Management Associated with Stockpile Life Extension Program
As a separately organized agency within the Department of Energy (DOE), the National Nuclear Security Administration (NNSA) administers the Stockpile Life Extension Program, whose purpose is to extend, through refurbishment, the operational lives of the weapons in the nuclear stockpile. NNSA encountered significant management problems with its first refurbishment. NNSA has begun three additional life extensions. This study was undertaken to determine the extent to which budgetary, cost accounting, and other management issues that contributed to problems with the first refurbishment have been adequately addressed.
United States. General Accounting Office
2003-07
-
Contract Management: INS Contracting Weaknesses Need Attention from the Department of Homeland Security
With annual obligations for goods and services totaling $1.7 billion, the Immigration and Naturalization Service (INS) is one of the largest of 23 entities in the Department of Homeland Security (DHS). INS's procurement organization will continue to acquire goods and services under DHS. GAO was asked to review INS's contracting processes to assess whether INS has an adequate infrastructure to manage its acquisitions and to determine whether INS is following sound contracting policies and procedures in awarding and managing individual contracts. Because INS has become a significant part of DHS and brings with it a procurement function that needs attention, it is imperative for DHS leadership to address these problems early in the development of the new department.
United States. General Accounting Office
2003-07
-
Strategic Plan: 2000-2005
This plan outlines objectives and strategies in the agency's four programmatic areas: providing investigative case support, identifying trends and patterns, administering the Bank Secrecy Act (BSA), and fostering international cooperation; as well as maintaining efficient and effective management processes. The strategic planning process enables the agency to examine its programs and refine and adjust its objectives and strategies as changing realities require. This effort provides a basis for developing FinCEN's operational plan and helps direct the more efficient allocation of limited resources.
Financial Crimes Enforcement Network (U.S.)
2000
-
EPA's Response to the World Trade Center Collapse: Challenges, Successes and Areas for Improvement
"This report contains findings that describe problems encountered in responding to the WTC collapse and corrective actions the Office of Inspector General (OIG) recommends. The September 11, 2001, terrorist attack on the World Trade Center in New York City and the environmental aftermath were unprecedented. Airborne dust from the collapse of the towers blanketed Lower Manhattan and was blown or dispersed into many of the surrounding office buildings, schools, and residences. This complex mixture of building debris and combustion by-products contained such ingredients as asbestos, lead, glass fibers, and concrete dust. Responding to this crisis required organizations from all levels of government to coordinate their response efforts and to make critical public health and safety decisions quickly, and without all of the data that decision-makers would normally desire. Unfortunately, this country may experience more terrorist attacks, and a response to such a tragedy could be needed again. Accordingly, we initiated this evaluation, in consultation with the Environmental Protection Agency (EPA) Deputy Administrator, to evaluate EPA's response to September 11. During our evaluation, we sought to answer six specific questions that address how EPA responded and how it could better respond in the future."
United States. Environmental Protection Agency. Office of the Inspector General
Beusse, Rick; Gilmore, Dana; Hatfield, James
2003-08-21
-
Fiscal Year 2004 Performance Plan: U.S. Department of State
In the years ahead, America's greatest opportunity is to utilize our position of strength to create a world that favors human freedom. This world of growing freedom serves American long-term interests, reflects enduring American ideals, and unites American allies and partners. We strive to help preserve this peace by building good relations among nations around the world and we extend this peace by encouraging free and open societies on every continent. Continuing to meet our foreign policy priorities requires a Department that can look around the corner, anticipating the challenges ahead. We must be able to plan for the next crisis rather than react to its impact. This foresight requires a culture that values planning and an organization committed to its execution. We must state our priorities and targets, being praised when we exceed our goals, and held accountable when we fall short. In the Fiscal Year 2004 Performance Plan, the Department of State describes its accomplishments to date and looks ahead to what we intend to achieve in the coming years.
United States. Department of State
2003-03
-
Aviation Safety: Advancements Being Pursued to Improve Airliner Cabin Occupant Safety and Health
"Airline travel is one of the safest modes of public transportation in the United States. GAO addressed (1) the regulatory actions that the Federal Aviation Administration (FAA) has taken and the technological and operational improvements, called advancements that are available or are being developed to address common safety and health issues in large commercial airliner cabins and (2) the barriers, if any, that the United States faces in implementing such advancements. FAA has taken a number of regulatory actions over the past several decades to address safety and health issues faced by passengers and flight attendants in large commercial airliner cabins. GAO identified 18 completed actions, including those that require safer seats, cushions with better fire-blocking properties, better floor emergency lighting, and emergency medical kits. GAO also identified 28 advancements that show potential to further improve cabin safety and health. These advancements vary in their readiness for deployment. Factors that may hinder the implementation of advancements once they are approved for commercial use include the time it takes for (1) FAA to complete the rule-making process, (2) U.S. and foreign aviation authorities to resolve differences between their respective requirements, and (3) the airlines to adopt or install advancements after FAA has approved their use. In addition, FAA's processes for setting research priorities and selecting research projects may not ensure that the limited federal funding for cabin safety and health research is allocated to the most critical and cost-effective projects. FAA also does not typically perform detailed analyses of the costs and effectiveness of potential cabin occupant safety and health advancements."
United States. General Accounting Office
2003-10-03
-
Aviation Safety: FAA and DoD Response to Similiar Safety Concerns
Safety of aircraft is a paramount concern in both civilian and military aviation because safety deficiencies can cost lives and equipment and affect mission accomplishment. The Federal Aviation Administration (FAA) and the military services often face common safety issues as they oversee the operation of similar aircraft or even dissimilar aircraft that use common parts and materials. Our preliminary work, however, showed that in some cases FAA and the military services have taken different actions to address similar aviation safety concerns. This report recognizes that there could be reasonable explanations for FAA and the military services taking different approaches in addressing such concerns. To shed more light in this area, GAO used a case study approach supplemented by a review of FAA's and Department of Defense's (DOD) aviation safety oversight processes and related interdepartmental communication efforts to (1) examine different responses by FAA and DOD/military services to similar aviation safety concerns and (2) assess the processes used by FAA and DOD1 to communicate information about similar aviation safety concerns. To select case studies for this review, GAO identified aviation safety problems shared by FAA and the military services, selected examples in which FAA and DOD/military services had taken a different approach to solving a similar aviation safety problem or had a need to be informed about such a problem, and discussed potential case studies with FAA and the military services.
United States. General Accounting Office
2002-01
-
Aviation Assistance: Information on Payments Made Under the Disaster Relief and Insurance Reimbursement Programs
The Air Transportation Safety and System Stabilization Act (the Act) provided, among other things, $5 billion in emergency assistance to compensate air carriers for their direct and incremental losses stemming from the September 11, 2001 terrorist attacks. The Act also authorized the Department of Transportation (DOT) to reimburse air carriers for increases in their insurance premiums. DOT designed and implemented a structured claim review process to help ensure that the $5 billion in disaster relief funds were used only to compensate carriers for their September 11 related losses. A team of DOT accountants, economists, and aviation analysts with support from the department's Offices of the General Counsel and the Inspector General administered the disaster relief program, reviewed carriers' loss claims, and determined carriers' allowable September 11 related losses. The major air carriers claimed losses of $5.6 billion related to the terrorist attacks. Overall, the major carriers recovered approximately 73 percent of their claimed losses. With regard to the insurance reimbursement program, the FAA implemented a systematic review process to determine the increases carriers experienced in their war risk insurance premiums following the terrorist attacks and to reimburse the carriers accordingly. For the major carriers combined, the total annual cost for war risk coverage jumped from approximately $12 million prior to the attacks to more than $700 million immediately afterwards. This jump led to the Secretary of Transportation's determination that war risk insurance was not available commercially on reasonable terms and conditions and thus FAA was authorized to begin temporarily selling war risk coverage to air carriers operating domestic flights.
United States. General Accounting Office
2003-09-17
-
Securing America's Borders: INS Faces Information Technology Planning and Implementation Challenges
IT management process controls, such as investment management and enterprise architecture management, are recognized indicators of whether an organization, like INS, can successfully develop, acquire, implement, operate, and maintain IT systems and related infrastructure. Together, enterprise architecture management and investment management, respectively, serve to explicitly blueprint the future operational environment, in both business and technology terms, needed for an organization to effectively and efficiently achieve its strategic mission, and to assure adequate senior executive involvement in the crucial capital investment decisions required to effective and efficiently put in place this target environment. This report discusses how INS has yet to implement the set of practices (e.g., policies, activities, abilities, and measures) associated with effective IT investment and enterprise architecture management. As a result, INS is not positioned to know that its ongoing and planned IT investments are the "right things to do," meaning it does not know whether these investments will produce mission value commensurate with costs and risks or whether these investments are superior to competing investment alternatives. Further, INS does not know that these investments are "being done the right way," meaning it does not know whether investments are aligned with an agency wide blueprint (architecture) that defines how the agency plans to operationally and technologically function in the future, and it does not know whether each of its ongoing investments are meeting their cost, schedule, and performance commitments.
United States. General Accounting Office
2001-10-11
-
Security: Counterfeit Indentification Raises Homeland Security Concerns, Testimony by Ronald D. Malfi, Director, Office of Special Investigations, before the Committee on Homeland Security
GAO testified about how homeland security is vulnerable to identity fraud. Today, counterfeit identification is easily produced and used to create fraudulent identities. Tests GAO has performed over the past 3 years demonstrate that counterfeit identification documents can be used to (1) enter the United States; (2) purchase firearms; (3) gain access to government buildings and other facilities; (4) obtain genuine identification for both fictitious and stolen identities; and (5) obtain social security numbers for fictitious identities. In conducting these tests, GAO created fictitious identities and counterfeit identification documents. GAO's work leads to three basic conclusions: (1) government officials and others generally did not recognize that the documents presented were counterfeit; (2) many government officials were not alert to the possibility of identity fraud and some failed to follow security procedures and (3) identity verification procedures are inadequate. The weaknesses found during this investigation clearly show that border inspectors, motor vehicle departments, and firearms dealers need to have the means to verify the identity and authenticity of the driver's licenses that are presented to them. In addition, government officials who review identification need additional training in recognizing counterfeit documents. Further, these officials also need to be more vigilant when searching for identification fraud.
United States. General Accounting Office
2003-10-01
-
Immigration Benefits: Tenth Report Required by the Haitian Refugee Immigration Fairness Act of 1988
This report responds to certain requirements of the Haitian Refugee Immigration Fairness Act (HRIFA) of 1998 that authorized certain Haitian nationals and their dependents to apply to adjust their status to legal permanent residence. Section 902(k) of the act requires the Comptroller General to report every 6 months on the number of Haitian nationals who have applied and been approved to adjust their status to legal permanent residence. The reports are to contain a breakdown of the number of Haitians who applied and the number who were approved as asylum applicants, parolees, children without parents, orphaned children, or abandoned children; or as the eligible dependents of these applicants, including spouses, children, and unmarried sons or daughters. Reports are to be provided until all applications have been finally adjudicated. This is GAO's tenth report. Through September 30, 2003, the Bureau of Citizenship and Immigration Services (BCIS), formerly part of the Immigration and Naturalization Service (INS), had received a total of 37,851 HRIFA applications and had approved 11,067 of these applications. The Executive Office for Immigration Review (EOIR) had 1,094 applications filed and had approved 273 of them.
United States. General Accounting Office
2003-10-17
-
Guideline on Network Security Testing: Recommendations of the National Institute of Standards and Technology
"Securing and operating today's complex systems is challenging and demanding. Mission and operational requirements to deliver services and applications swiftly and securely have never been greater. Organizations, having invested precious resources and scarce skills in various necessary security efforts such as risk analysis, certification, accreditation, security architectures, policy development, and other security efforts, can be tempted to neglect or insufficiently develop a cohesive, well-though out operational security testing program. This guide stresses the need for an effective security testing program within federal agencies. Testing serves several purposes. One, no matter how well a given system may have been developed, the nature of today's complex systems with large volumes of code, complex internal interactions, interoperability with uncertain external components, unknown interdependencies coupled with vendor cost and schedule pressures, means that exploitable flaws will always be present or surface over time. Accordingly, security testing must fill the gap between the state of the art in system development and actual operation of these systems. Two, security testing is important for understanding, calibrating, and documenting the operational security posture of an organization. Aside from development of these systems, the operational and security demands must be met in a fast changing threat and vulnerability environment. Attempting to learn and repair the state of your security during a major attack is very expensive in cost and reputation, and is largely ineffective. Three, security testing is an essential component of improving the security posture of your organization."
National Institute of Standards and Technology (U.S.)
Tracy, Miles C.; Wack, John P.; Souppaya, Murugiah
2003-10