Audit: Weaknesses identified in ATF data security measures

By Christen Smith

Federal auditors discovered weaknesses in the Bureau of Alcohol, Tobacco, Firearms and Explosives data security protocols, according to a report released this week.
The Department of Justice’s Office of Inspector General found weaknesses in four of the agency’s seven domain areas in need of correcting to protect ATF information systems and data, according to the audit summary.
The audit measures ATF compliance with the Federal Information Security Modernization Act, implemented in 2014 to update the federal government’s cyber security policies and prevent hacking.
“FISMA assigns responsibilities to federal agencies, the National Institute of Standards and Technology (NIST), and OMB to strengthen federal information system security,” the audit says. “This includes directing NIST to develop standards and guidelines for ensuring the effectiveness of information security controls over information systems that support federal agencies’ operations and assets, and requiring the head of each agency to implement policies and procedures to cost effectively reduce risks to an acceptable level.”
The OIG withheld the entire audit from public viewing, but said it made five recommendations for ATF officials to improve the agency’s security program. The agency concurred with the identified weaknesses, according to the audit.
“Annually, agency Inspectors General are required to either perform an independent evaluation or contract an independent

Source: Guns.com