Summary of the Independent Evaluation Pursuant to the
Government Information Security Reform Act Fiscal Year 2001
Sensitive But Unclassified Systems
Report No. 02-18
April 2002
Office of the Inspector General
RECOMMENDATIONS 6
We recommend that the Acting Assistant Attorney General for Administration (AAG/A):
(Note: According to JMD, they began addressing some of the above areas after the audits were completed.)
Although DOJ Order 2640.2D addresses many areas of identified system security vulnerabilities, it still lacks sufficient guidance in several areas. The policy should be specific to each operating system (Windows NT, Novell, and UNIX) so that the requirements are not misunderstood or inappropriately applied (i.e. some procedures may apply to Windows NT systems but not to UNIX systems). Further, procedures need to be developed to provide more specific guidance when necessary.
Therefore, we recommend that the AAG/A: