DOORS AJAR: The Department of Education is doing a poor job guarding against cybersecurity threats, according to a new report by the office of Inspector General Kathleen Tighe (OIG). The OIG reviewed whether the information security systems of Federal Student Aid (FSA) and the Department of Education measured up to the Department of Homeland Security's Federal Information Security Modernization Act of 2014 (FISMA). The Department and FSA's networks hold the personal and financial records of millions of parents and students.
Of the ten areas the OIG measured, it found the Department and FSA most lacking in "continuous monitoring, configuration management, incident response and reporting, and remote access management," though it recommended department-wide cybersecurity improvements to both agencies.
In addition, the OIG found that the Department and FSA's records remained easily accessible through third-party contractors, on which both agencies rely for a large portion of their network operations. As for threat response, the OIG found that neither Dell Services Federal Government nor the Office of the Chief Information Officer, both responsible for detecting cyberattacks, detected the OIG's probes during the investigation. The report made 26 recommendations, ten of which were repeat recommendations that the Department had previously failed to comply with.