【 摘 要 】

A letter report issued by the Government Accountability Office with an abstract that begins "The Federal Communications Commission (FCC) did not effectively implement appropriate information security controls in the initial components of the Enhanced Secured Network (ESN) project. Although FCC took steps to enhance its ability to control and monitor its network for security threats, weaknesses identified in the commission's deployment of components of the ESN project as of August 2012 resulted in unnecessary risk that sensitive information could be disclosed, modified, or obtained without authorization. This occurred, in part, because FCC did not fully implement key information security activities during the development and deployment of the initial components of the project. While FCC policy is to integrate security risk management into system life-cycle management activities, the commission instead deployed the initial components of the ESN project without, among other things, first selecting and documenting the security controls, assessing the controls, or authorizing the system to operate. As a result of these deficiencies, FCC's information remained at unnecessary risk of inadvertent or deliberate misuse, improper disclosure, or destruction. Further, addressing these deficiencies could require costly and timeconsuming rework."

【 预 览 】

附件列表

Files	Size	Format	View
651542.pdf	909KB	PDF	download