Unclear NSA CIO Role Puts the Agency’s IT at Risk, IG Says – Nextgov

The National Security Agency's chief information officer may be unsure of what they're supposed to be doing, with attention being pulled disproportionately toward cybersecurity issues, according to the agency's inspector general.

The Agency's CIO role is ambiguous, without clearly defined authorities and responsibilities, the OIG wrote in the semi-annual report released Thursday, which otherwise gives NSA a pat on the back for implementing its recommendations.

The IG audited the agency for compliance with the Clinger-Cohen Act of 1996 and an Office of Management and Budget memorandum, documents that describe the CIO role and responsibilities for budget, program and workforce management as well as overseeing information security.

Examining the implementation of an enterprise IT architecture program and the CIO's placement within the NSA's management structure, the IG said the agency and the CIO made substantial progress, but there were a few attention-grabbing reasons they noted as contributing to shortfalls.

These were dual hatting the functions of the CIO with those of an NSA Directorate, a lack of documentation for the delegation of authorities, failure to include the CIO role in agency organization charts, and agency communications that reinforced the CIO's authorities primarily for the information security component.

The CIO has the requisite oversight of and decision rights for all Agency IT, the IG explains, noting, "The issues identified in this audit increase the risk that the agency ... may not be maximizing its effectiveness and efficiency in designing, investing in, acquiring, managing, and maintaining the full range of its IT."

The report said the IG made four recommendations to address the issue, and that the NSA has sufficiently addressed one of those, with actions planned to implement the other three.

In general, though, the IG reports the NSA's overdue recommendations for the period of April through September represented 59% of the total number of open recommendations, which was the lowest percentage of open recommendations that were overdue over the past four semi-annual reports.

This reflects significant progress, but there is still substantial work to be done, according to the latest report.

The OIG is now evaluating NSA's implementation of the Federal Information Security Modernization Act of 2014. That audit will focus specifically on assessing the agency's information security practices.
