Skip to content United States Department of Transportation - Federal Highway Administration FHWA Home Feedback

Highway Trust Fund

Financial Report for Fiscal Year 2004

Management's Discussion and Analysis

Table of Contents | Management's Discussion and Analysis | Financial Section | Appendices

 

The Department's Information Systems Security

FHWA

Consistent with the Departmental FY 2004 Security Goals, FHWA completed certification and accreditation (C&A) of 100% of its operational IT systems, continued to work on the reduction of security weaknesses, and reported its progress through the quarterly Plan of Action and Milestones Departmental update process. FHWA also implemented the Departmental Baseline Configuration standards for all new systems and implemented the standards on all exiting systems to the extent possible. FHWA provided system administrator security training, which included a section on compliance with DOT baseline security configuration standards. FHWA also continued to operate its vulnerability scanning program, which requires that all remediation of vulnerabilities must be done before new servers are attached to the network. Finally, FHWA continued its security patching efforts and performed routine patch scans to ensure that patches are applied.

FMCSA

Consistent with OST's guidance, FMCSA developed IT security plans for all of its 19 systems and completed C&A for 100 percent of its systems by June 30, 2004.

FTA

FTA provided a business impact analysis for TEAM, Electronic Clearing House Operation (ECHO), and Datapoint On-Line Transaction System (DOTS) in October 2003. The TEAM C&A was completed in May 2004. Disaster recovery testing for TEAM, ECHO, and DOTS were completed in June 2004. Remaining risk assessments and security test and evaluations were completed in August 2004.

FTA revised policies and procedures that detail the development and construction of test plans, documentation of test results, delivery and implementation of software, and approval by management for all system and application software for DOTS and ECHO.

NHTSA

NHTSA met the requirements of the Federal Information Security Management Act by accomplishing 100 percent C&A of its IT systems and a reduction of high-risk vulnerabilities to zero in a timely fashion. NHTSA participated in the development of the Department's Enterprise "Target" architecture and modernization blueprint.

 

< Go to Previous Page | Go to Next Page >
FHWA Home | Feedback
FHWA
United States Department of Transportation - Federal Highway Administration