Review of the United States Marshals Service's Prisoner Tracking System
Report No. 04-29
August 2004
Office of the Inspector General
CONTROL AREAS | VULNERABILITIES NOTED |
Entity-wide Security Program Planning & Management | |
Assess risks periodically | |
Document an entity-wide security program plan | |
Establish a security management structure and clearly assign security responsibilities | X |
Implement effective security-related personnel policies | X |
Monitor the security program’s effectiveness and make changes as needed | |
Access Controls | |
Classify information resources according to their criticality and sensitivity | |
Maintain a current list of authorized users and ensure that their access is authorized | X |
Establish physical and logical controls to prevent and detect unauthorized access | X |
Monitor access, investigate apparent security violations, and take appropriate remedial action | |
Application Software Development & Change Control | |
Authorize processing features and modifications | X |
Test and approve all new and revised software | |
Control software libraries | |
System Software | |
Limit access to system software | |
Monitor access to and use of system software | |
Control system software changes | X |
Segregation of Duties | |
Segregate incompatible duties and establish related policies | X |
Establish access controls to enforce segregation of duties | |
Control personnel activities through formal operating procedures and supervision and review | X |
Service Continuity | |
Assess the criticality and sensitivity of computerized operations and identify supporting resources | X |
Take steps to prevent and minimize potential damage and interruption | X |
Develop and document a comprehensive contingency plan | |
Test the contingency plan periodically and adjust it as appropriate | X |

CONTROL AREAS | VULNERABILITIES NOTED |
Authorization Controls | |
All data are authorized before entering the application system | X |
Restrict data entry terminals to authorized users for authorized purposes | X |
Master files and exception reporting help ensure all data are processed and are authorized | |
Completeness Controls | |
All authorized transactions are entered into and processed by the computer | X |
Reconciliations are performed to verify data completeness | |
Accuracy Controls | |
Data entry design features contribute to data accuracy | |
Data validation and editing are performed to identify erroneous data | |
Erroneous data are captured, reported, investigated, and corrected | X |
Output reports are reviewed to help maintain data accuracy and validity | X |
Controls Over Integrity of Processing and Data Files | |
Procedures ensure that the current version of production programs and data files are used during processing | |
Programs include routines to verify that the proper version of the computer files is used during processing | |
Programs include routines for checking internal file header labels before processing | |
Mechanisms within the application protect against concurrent file updates | X |