December 12, 2014 OIG-15-16: “DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President’s cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department’s information systems, and strong authentication. While these efforts have resulted in some improvements, Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority. We also identified a significant deficiency in the Department’s information security program as the United States Secret Service (USSS) did not provide the Chief Information Security Officer (CISO) with the continuous monitoring data required by the Office of Management and Budget (OMB) during Fiscal Year (FY) 2014. Without this information, CISO was significantly restricted from performing continuous monitoring on the Department’s information systems, managing DHS’ information security program, or ensuring compliance with the President’s cybersecurity priorities. Subsequent to the completion of our fieldwork, USSS established an agreement with the DHS Chief Information Officer (CIO) to provide the required data beginning in FY 2015.”