Information Security:

Corps of Engineers Making Improvements, But Weaknesses Continue

GAO-02-589: Published: Jun 10, 2002. Publicly Released: Jun 10, 2002.

Additional Materials:

Contact:

Robert F. Dacey
(202) 512-3317
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO tested selected general and application controls of the Corps of Engineers Financial Management System (CEFMS). The Corps relies on CEFMS to perform key financial management functions supporting the Corps' military and civil works missions. The Corps has made substantial progress in improving computer controls at each of its data processing centers and other Corps sites. The Corps had completed action on 54 of GAO's 93 previous recommendations and partially completed or had action plans to correct the remainder. During the current review, nine new weaknesses were identified and corrected. Nevertheless, continuing and newly identified vulnerabilities involving general and application computer controls continue to impair the Corps' ability to ensure the reliability, confidentiality, and availability of financial and sensitive data. Such vulnerabilities increase risks to other Department of Defense networks and systems to which the Corps' network is linked. Weaknesses in general controls impaired the Corps' ability to ensure that (1) computer risks are adequately assessed, and security policies and procedures within the organization are effective and consistent with overall organizational policies and procedures; (2) users have only the access needed to perform their duties; (3) system software changes are properly documented before being placed in operation; (4) test plans and results for application changes are formally documented; (5) duties and responsibilities are adequately segregated; (6) critical applications are properly restored in the case of a disaster or interruption; and (7) the Corps has adequately protected its network from unauthorized traffic. Application control weaknesses impaired the Corps' ability to ensure that (1) current and accurate CEFMS access authorizations were maintained, (2) user manuals reflect the current CEFMS environment, and (3) the Corps is effectively using electronic signature capabilities.

Apr 17, 2014

Apr 2, 2014

Jan 28, 2014

Jan 8, 2014

Sep 26, 2013

Feb 20, 2013

Feb 1, 2013

Sep 27, 2012

Sep 18, 2012

Jul 17, 2012

Looking for more? Browse all our products here