Information Security Weaknesses Pose Risk to Operations and the Mission of the Substance Abuse and Mental Health Services Administration (SAMHSA)

Issued on 09/05/2013 | Posted on 09/05/2013 | Report number: A-18-12-30420

Report Materials

Full Report (PDF, 6.6 MB)

09-05-2013

Summary

We reviewed selected information technology (IT) security controls over the Substance Abuse and Mental Health Services Administration (SAMHSA) network management in effect as of June 2012. We assessed the IT security controls for inventory management, patch management, antivirus management, event management, logical access, encryption, web vulnerability management and Universal Serial Bus (USB) port control management.

We found that the IT security controls for SAMHSA, that are owned and managed by the Information Technology Infrastructure and Operations (HHS/ITIO), were inadequate because security protections to be provided to SAMHSA had not been implemented and adequately monitored.

Copies can also be obtained by contacting the Office of Public Affairs at .

Report Type

Audit

HHS Agencies

Substance Abuse and Mental Health Services Administration

Issue Areas

Target Groups

Financial Groups