Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002
The Office of Justice Programs' Enterprise Network System
Report No. 03-01
Office of the Inspector General
Our review disclosed that security controls need improvement to fully protect the ENS from unauthorized use, loss, or modification. Specifically, we found vulnerabilities in the areas of life cycle controls, system security planning; personnel security; contingency planning; security awareness, training, and education; identification and authentication; and logical access controls. We assessed these vulnerabilities as a medium to high risk to the ENS. If not corrected, these security vulnerabilities threaten the data stored on the ENS with the potential for unauthorized use, loss, or modification.