Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002

The Federal Bureau of Prisons' Inmate Telephone System II

Report No. 03-04
November 2002
Office of the Inspector General


TABLE OF CONTENTS

EXECUTIVE SUMMARY

OBJECTIVE, SCOPE, AND METHODOLOGY

FINDINGS AND RECOMMENDATIONS

  1. Management Controls
    1. Life Cycle
    2. Authorize Processing (Certification and Accreditation)
    3. System Security Plan

  2. Operational Controls
    1. Personnel Security
    2. Physical and Environmental Protection
    3. Production, Input/Output Controls
    4. Contingency Planning
    5. Hardware and Systems Software Maintenance
    6. Data Integrity
    7. Incident Response Capability

  3. Technical Controls
    1. Identification and Authentication
    2. Logical Access Controls
    3. Audit Trails

CONCLUSION

APPENDIX I - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY GENERAL CONTROL AREAS

APPENDIX II - FEDERAL BUREAU OF PRISONS RESPONSE TO THE OIG DRAFT REPORT

APPENDIX III - OIG, AUDIT DIVISION ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT