Audit (A-18-12-30420)
09-05-2013
Information Security Weaknesses Pose Risk to Operations and the Mission of the Substance Abuse and Mental Health Services Administration (SAMHSA)
Complete Report
Download the complete report
Adobe® Acrobat® is required to read PDF files.
Summary
We reviewed selected information technology (IT) security controls over the Substance Abuse and Mental Health Services Administration (SAMHSA) network management in effect as of June 2012. We assessed the IT security controls for inventory management, patch management, antivirus management, event management, logical access, encryption, web vulnerability management and Universal Serial Bus (USB) port control management.
We found that the IT security controls for SAMHSA, that are owned and managed by the Information Technology Infrastructure and Operations (HHS/ITIO), were inadequate because security protections to be provided to SAMHSA had not been implemented and adequately monitored.
Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.
Let's start by choosing a topic