http://www.fiercehealthit.com/story/office-inspector-general-audit-criticizes-hhs-access-controls/2014-07-29
By Susan D. Hall
FierceHealthIT.com
July 29, 2014
The U.S. Department of Health and Human Services must improve its security
procedures for granting access to physical facilities as well as computer
applications and files, according to an audit from the HHS Office of
Inspector General that found security controls inadequate.
The audit looked at how well the agency complied with Homeland Security
Presidential Directive-12, which lays out access-management policy for
government workers and contractors. It covered program and system-specific
controls, encryption, change controls, Web vulnerability management and
physical security.
It found five areas it categorized as high risk and one--Web
vulnerabilities--as moderate risk, though it noted it was not able to
fully determine whether vulnerabilities in in the Web portal test sites
had already been corrected.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
