U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Information Security: Corps of Engineers Making Improvements, But Weaknesses Continue

NCJ Number
195356
Date Published
June 2002
Length
25 pages
Annotation
This document describes the general control weaknesses associated with the U.S. Army Corps of Engineers, Civil Works security management and service continuity.
Abstract
Of the 93 recommendations made in a previous report, the U.S. Army Corps of Engineers (CORPs) had completed action on 54 and partially completed or had action plans to correct the remaining 39. The Corps also corrected nine newly identified weaknesses. Continuing and newly identified vulnerabilities involving general and application computer controls continue to impair the ability to ensure reliability, confidentiality, and availability of financial and sensitive data. Such vulnerabilities also increase risks to other Department of Defense networks and systems to which the Corps’ network is linked. Weaknesses in general controls impaired the Corps’ ability to ensure that computer risks are adequately assessed; users have only the access needed to perform their duties; system software changes are properly documented before being placed in operation; and test plans for application changes are formally documented. Application control weaknesses impaired the Corps’ ability to ensure that current and accurate Corps of Engineers Financial Management System (CEFMS) authorizations are maintained; user manuals reflect the current CEFMS environment; and the Corps is effectively using electronic signature capabilities. Authentication controls were not effective to provide reasonable assurance that users’ electronic signatures are valid. Recommendations to help strengthen and improve general and application controls include instructing the chief information officer and the deputy chief of staff for resource management to implement corrective actions to resolve the general and application computer control weaknesses identified in the March 15, 2002, “Limited Official Use Only” report. 2 tables, 13 footnotes, 1 appendix