Information Technology Vulnerability Assessment of the International Cooperative Administrative Support Services System (AUD/FM-03-03)
The Government Management Reform Act of 1994 (GMRA) requires that the Department?s principal financial statements be audited annually. Audits of the principal financial statements require, among other things, understanding and assessing the adequacy of the internal control process for recording, accumulating, and reporting financial data. This, in turn, requires an assessment of the security over the automated systems that process financial data. At OIG?s direction, independent external computer specialists performed a vulnerability assessment of the ICASS system.
OIG found that the specific security features associated with the ICASS application appeared to function correctly and were well managed. The OpenNet segment that supports the ICASS application needed some improvements but was sufficiently secure to satisfy most system requirements. There were a number of vulnerabilities detected during the technical vulnerability assessment. Most of these pertained to system configuration issues that could be corrected without affecting overall network performance or availability. Many of these issues also were noted during vulnerability assessments of other applications, which suggests that the problems still exist throughout the Department?s IT infrastructure and, therefore, should be addressed Department-wide rather than one segment at a time.
The Office of Electronic Information, Bureau of Public Affairs, manages this site as a portal for information from the U.S. State Department. External links to other Internet sites should not be construed as an endorsement of the views or privacy policies contained therein.