Web Log for Federal Financial Management -- Federal CFO, CPO, CIO, CAO, and CHCO news aggregated from open sources, such as: GAO, USHR, USS, Federal, State, & Local Agencies, IGs, and Watchdog organizations for public consumption.
A congressional watchdog has tasked the U.S. Securities and Exchange Commission (SEC) with addressing a number of security weaknesses impacting its system.
On Thursday, the U.S. Government Accountability Office (GAO) released a report (PDF) detailing the issues, which included SEC not encrypting sensitive data, properly identifying and authenticating users, or securely configuring a vital financial system, leaving it vulnerable to attack.
According to the 25-page report, “the information security weaknesses existed, in part, because SEC did not effectively oversee and manage the implementation of information security controls during the migration of this key financial system to a new location."
The watchdog said that SEC did not adequately oversee a contractor it hired to migrate its systems to a different data center last June.
As a result of SEC's need to improve security controls, GAO determined that the agency – which regulates the securities market, including exchanges, brokers, dealers and investment firms – had a “significant deficiency in internal control over financial reporting for fiscal year 2013.”