Audit of Department of State Access Controls for Major Applications

AUD-IT-12-44
    Report Contents: Sensitive But Unclassified
    Recommendation Number 1
    Closed Implemented Significant

    OIG recommends that the Chief Information Officer acquire the technical resources and implement the enhancements identified by the Net-Centric Diplomacy (NCD) team in NCD.09.00.00 Plan of Action, dated February 12, 2012, to ensure that users do not have broader access to cables than what is required to perform their duties.

    Recommendation Number 2
    Closed New Report

    OIG recommends that the Chief Information Officer establish standard training requirements for post Classified State Messaging and Archive Retrieval Toolset (SMART-C) and ensure that system administrators receive required training before they are assigned and annually thereafter.

    Recommendation Number 3
    Closed Implemented Significant

    OIG recommends that the Chief Information Officer implement logical access controls to ensure that system administrators do not have the ability to read information within sensitive cables that they do not need to perform their administrative duties.

    Recommendation Number 4
    Closed Implemented Significant

    OIG recommends that the Chief Information Officer equip the Net-Centric Diplomacy (NCD) and Classified State Messaging and Archive Retrieval Toolset (SMART-C) applications with audit trail capabilities to log user and administrator activity.

    Recommendation Number 5
    Closed Implemented Significant

    Sensitive Information Redacted

    Recommendation Number 6
    Closed New Report Significant

    OIG recommends that the Bureau of Human Resources institute a formal process to notify system owners on a monthly basis of employee departures to ensure the timely removal of accounts of departing or transferring employees.

    Recommendation Number 7
    Closed New Report Significant

    OIG recommends that the Chief Information Officer (CIO) require system owners to annually revalidate user and administrator accounts, remove those accounts that no longer require access, and certify to the CIO that revalidation has been completed.

    Recommendation Number 8
    Closed Implemented

    OIG recommends that the Bureau of Consular Affairs (CA), Office of Consular Systems and Technology, provide additional guidance to key users of CA's applications at post to ensure that consular managers and other key users of those applications understand administrative features related to creating and managing user accounts for consular applications.

    Recommendation Number 9
    Closed New Report Significant

    OIG recommends that the Chief Information Officer institute a formal process to require system owners to certify that the Information Systems Security Officer has reviewed audit logs monthly in order to detect and resolve potential security incidents in a timely manner.

    Recommendation Number 10
    Closed New Report Significant

    Sensitive Information Redacted