Question
Refer to the 2015 FISMA audit of OPM (https://www.opm.gov/our-inspector-general/reports/2015/federal-information-security-modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15-011.pdf) to answer the following questions: What does it mean for an information system to operate with an “active Authorization” and how long does such an Authorization last? What mechanism allowed some OPM systems to operate without an Authorization and what justification was given? What opinion do the auditors express regarding this situation? Do you agree with the auditors?
Explanation / Answer
Operating with an active Authorization means to monitor security aspects of the system. It represents a material weakness in the internal control structure of the agency’s IT security program.
Active authorisation will last till the system’s security controls are meeting the security requirements of that system.
Due to volume and sensitivity of the data, and also due to the reason that systems were not monitored regularly, this allowed OPM systems to operate without an Authorisation.
Yes, I agree with the auditors that there were very weak security requirements.