Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

U.S. Flag An official website of the United States government.
Change Font Size

Audit (A-18-12-30420)

09-05-2013
Information Security Weaknesses Pose Risk to Operations and the Mission of the Substance Abuse and Mental Health Services Administration (SAMHSA)

Complete Report

Download the complete report

Adobe® Acrobat® is required to read PDF files.

Summary

We reviewed selected information technology (IT) security controls over the Substance Abuse and Mental Health Services Administration (SAMHSA) network management in effect as of June 2012. We assessed the IT security controls for inventory management, patch management, antivirus management, event management, logical access, encryption, web vulnerability management and Universal Serial Bus (USB) port control management.

We found that the IT security controls for SAMHSA, that are owned and managed by the Information Technology Infrastructure and Operations (HHS/ITIO), were inadequate because security protections to be provided to SAMHSA had not been implemented and adequately monitored.

Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201