Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002

The United States Marshals Service's Warrant Information Network

Report No. 03-03
November 2002
Office of the Inspector General

TABLE OF CONTENTS

EXECUTIVE SUMMARY

OBJECTIVE, SCOPE, AND METHODOLOGY

FINDINGS AND RECOMMENDATIONS

  1. Management Controls
    2.
    1. Review of Security Controls
      2.
    2. Life Cycle
      3.
    3. Authorize Processing (Certification and Accreditation)
      4.
    4. System Security Plan
      5.

  2. Operational Controls
    3.
    1. Personnel Security
      2.
    2. Physical and Environmental Protection
      3.
    3. Production and Input/Output Controls
      4.
    4. Contingency
      5.
    5. Hardware and System Software Maintanence
      6.
    6. Data Integrity
      7.
    7. Documentation
      8.
    8. Security Awareness, Training, and Education
      9.
    9. Incident Response Capability
      10.

  3. Technical Controls
    4.
    1. Identification and Authentication
      2.
    2. Logical Access Controls
      3.
    3. Audit Trails
      4.

CONCLUSION

APPENDIX I - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY GENERAL AREAS OF CONTROL

APPENDIX II - UNITED STATES MARSHALS RESPONSE TO THE OIG DRAFT REPORT

APPENDIX III - OIG, AUDIT DIVISION, ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT