Social Security's Office of Inspector General (OIG) has released only a stub of a report on security in Social Security's online services but it's enough to strongly suggest there are problems. The agency admits that it needs a "higher degree of confidence in users’ asserted identities" and OIG says it is "imperative" that the agency do so "as soon as possible."
Because this is security related, it's essentially very limited. But the agency is always assessing risk of it's IT systems, it's required by law and an obligation that is the reason the Office of Information Security exists. So the OIG tries to poke holes, OIS hires people and uses inside staff to poke holes and holes are remediated. The fact is the agency self reports and addresses/fixes a boatload of items on it's own which is what every single IT operation on the planet should be doing because security is a moving target. So this is a stating the obvious OIG report.
ReplyDelete