Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002

The Office of Justice Programs' Enterprise Network System

Report No. 03-01
October 2002
Office of the Inspector General

TABLE OF CONTENTS

COMMENTARY AND SUMMARY

OBJECTIVE, SCOPE, AND METHODOLOGY

ENTERPRISE NETWORK SYSTEM (ENS) ENVIRONMENT

SUMMARY RESULTS OF THE AUDIT

FINDINGS

  1. Management Controls
    1. Life Cycle
      2.
    2. System Security Plan
      3.

  2. Operational Controls
    1. Personnel Security
      2.
    2. Contingency Planning
      3.
    3. Security Awareness, Training, and Education
      4.

  3. Technical Controls
    1. Identification and Authentication
      2.
    2. Logical Access Controls
      3.

CONCLUSION

APPENDIX I - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY GENERAL CONTROL AREAS

APPENDIX II - REPORT STATUS