Information Security Weaknesses Pose Risk to Operations and the Mission of the Substance Abuse and Mental Health Services Administration (SAMHSA)
Download the complete report
Adobe® Acrobat® is required to read PDF files.
We reviewed selected information technology (IT) security controls over the Substance Abuse and Mental Health Services Administration (SAMHSA) network management in effect as of June 2012. We assessed the IT security controls for inventory management, patch management, antivirus management, event management, logical access, encryption, web vulnerability management and Universal Serial Bus (USB) port control management.
We found that the IT security controls for SAMHSA, that are owned and managed by the Information Technology Infrastructure and Operations (HHS/ITIO), were inadequate because security protections to be provided to SAMHSA had not been implemented and adequately monitored.
Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.
Let's start by choosing a topic
Unimplemented OIG recommendations summarized.
FY 2014 Work Plan
OIG projects planned for 2014.
Significant OIG activities in 6-month increments.