Audit of the International Joint Commission?s 2001 and 2000 Principal Financial Statements (AUD/FM-03-01)
Beginning in 1997, in its independent auditor?s report on the Department?s financial statements, a contract auditor reported a material weakness related to information system security. The Department stated that two recommended corrective actions for this material weakness would be addressed as part of its process to implement OpenNet Plus, which would constitute a program of system vulnerability assessment and mitigation.
At the direction of OIG, an external systems contractor reviewed the Department?s OpenNet Plus connection approval process, including the independent validation and verification protocol, and the system certification and accreditation process. The systems contractor found that, although the connection approval process was a positive step, it was not sufficient to constitute a program of system vulnerability assessment and mitigation. In addition, the Department had not established a Department-specific certification and accreditation process.
The Office of Electronic Information, Bureau of Public Affairs, manages this site as a portal for information from the U.S. State Department. External links to other Internet sites should not be construed as an endorsement of the views or privacy policies contained therein.