The Securities and Exchange Commission made improvements to its information security but remaining weaknesses could still put its financial data at risk, according to a congressional audit.
Since the last audit, SEC staff deployed multiple firewalls, created a disaster recovery plan, and reassessed a variety of rules and protocols. Still, it was not enough. The agency still had about a dozen different problems in need of attention after addressing many of their previous issues, according to a Government Accountability Office report released Friday.
“While SEC had improved its information security by addressing previously identified weaknesses, the information security control weaknesses that continued to exist in its computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by the system,” the report said.
The report specifically pointed out problems with the SEC’s documentation management, the GAO report said. SEC also did not fully review or update its contingency and disaster recovery plan or security plan of action.
“These weaknesses existed, in part, because SEC did not effectively implement key elements of its information security program…” the report said.
In a previous audit from September 2014, GAO identified 20 unresolved weaknesses. By September 2015, SEC resolved five and “made progress in addressing the other 15,” the audit said.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here: fdscp.com/sign-me-on.