The Volpe Center’s Information Technology Infrastructure is at Risk for Compromise

The John A. Volpe National Transportation Systems Center (Volpe)—operating under the U.S. Department of Transportation’s (DOT) Assistant Secretary for Research and Technology—provides research, development, and information technology (IT) services to Federal and State agencies, local entities, and partners abroad. In order to prevent unauthorized access to its customers’ data and its own, Volpe’s information network must be properly protected. The Office of Inspector General (OIG) therefore conducted this self-initiated audit of the Center’s information system security controls. The objectives were to determine whether: (1) Volpe’s local area network (LAN) and Web sites are secure from compromise, and (2) security weaknesses exist in Volpe’s IT infrastructure. OIG reviewed Volpe’s network documentation and security policies and performed assessments of Volpe’s entire network, including penetration tests, vulnerability scans, and manual tests. Volpe personnel were also interviewed. It was found that Volpe’s LAN is not secure from compromise. The National Institute of Standards and Technology (NIST) provides agencies guidance on protecting their networks from intrusions. However, OIG was able to gain access to many devices on Volpe’s LAN because it did not follow NIST and DOT requirements. Recommendations to assist the Assistant Secretary for Research and Technology in securing Volpe’s IT Infrastructure are included.

Language

  • English

Media Info

  • Media Type: Digital/other
  • Edition: Audit Report
  • Features: Appendices; Tables;
  • Pagination: 17p

Subject/Index Terms

Filing Info

  • Accession Number: 01596799
  • Record Type: Publication
  • Report/Paper Numbers: FI-2016-056
  • Files: TRIS, RITA, ATRI, USDOT
  • Created Date: Apr 8 2016 9:39AM