Report

ICE Should Improve Controls to Restrict Unauthorized Access to Its Systems and Information

U.S. Immigration and Customs Enforcement (ICE) did not consistently implement effective access controls to restrict access to its network and information technology (IT) systems. Although ICE took a multi-layered approach to managing access for personnel who change positions or leave the component altogether, we determined that ICE did not consistently manage or remove access when personnel separated or changed positions. For example, 84 percent of the accounts for separated personnel we examined remained active beyond the individual’s last workday. Additionally, ICE did not monitor and configure privileged user access, service accounts, and access to sensitive security functions as required. These deficiencies stemmed from insufficient internal controls and oversight of user account management and compliance to ensure access controls were administered appropriately and effectively to prevent unauthorized access.

VIEW FULL REPORT

SHARE:

TAGS:

COMMENTS

Report

ICE Should Improve Controls to Restrict Unauthorized Access to Its Systems and Information

U.S. Immigration and Customs Enforcement (ICE) did not consistently implement effective access controls to restrict access to its network and information technology (IT) systems. Although ICE took a multi-layered approach to managing access for personnel who change positions or leave the component altogether, we determined that ICE did not consistently manage or remove access when personnel separated or changed positions. For example, 84 percent of the accounts for separated personnel we examined remained active beyond the individual’s last workday. Additionally, ICE did not monitor and configure privileged user access, service accounts, and access to sensitive security functions as required. These deficiencies stemmed from insufficient internal controls and oversight of user account management and compliance to ensure access controls were administered appropriately and effectively to prevent unauthorized access.

VIEW FULL REPORT

SHARE:

TAGS:

COMMENTS

Translate »