GAO Finds Deficiencies in Systems for Handling National Debt

IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.

Two related reports from the General Accounting Office (GAO) point out significant issues with the IT systems involved in managing and servicing more than $22 trillion in federal debt. The reports — one a GAO financial audit of the Bureau of the Fiscal Service, and the other a management report on the Federal Reserve — each conclude that there are problems with the configuration and control systems within IT. And while those problems have not yet resulted in system breaches, according to the reports, theyre worthy of immediate attention and remediation.
In the financial audit of the Bureau of the Fiscal Service, auditors include a section in which they underscore the importance of a significant deficiency in information system controls. These general control deficiencies increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations, they say. In particular, the audit mentions the lack of least privilege access as a security concern for systems.
The audit also lists broad suggestions for remediation, though it doesnt express any great optimism for the implementation of those steps. We continued to identify instances in which known information system vulnerabilities were not being remediated on a timely basis. We also continued to identify instances in which implemented configuration settings were not effectively monitored against baseline security requirements, they say.
Federal Reserve Banks are charged with implementing many of the practical steps of dealing with the national debt. Although the GAO didnt audit the banks, it did conduct a management review looking at issues similar to those raised in the Bureau of the Fiscal Service audit. The GAO issued a pair of reports, one limited to staff and the board of governors, and the other a high-level public report.
The public management report points out deficiencies in configuration management. These new and continuing control deficiencies increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs, it says.
Though the deficiencies have not resulted in breaches, the response has not come through improvements to the technology and its use. Rather, the GAO found the deficiencies were mitigated primarily by Fiscal Services compensating management and reconciliation controls to detect potential misstatements of the Schedule of Federal Debt.
Each report points out that some of the issues identified in previous audits and reports have been mitigated, while others remain to be dealt with.
Read more
here
and
here
.

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
GAO Finds Deficiencies in Systems for Handling National Debt