USAJobs passes independent cybersecurity test
Friday - 8/3/2012, 5:51pm EDT
"Overall, USAJOBS was found to be in good security standing and does not appear to pose any significant risk to OPM or its constituents," the IG's office wrote.
OPM assumed control of the federal jobs portal from Monster Government Solutions in October 2011, after two security breaches in 17 months compromised job-seeker information housed in the system.
The IG's office, working with FishNet Security, Inc., found no issues that pose an immediate threat to the new website or user information in its database. But auditors did take issue with the portal's supporting infrastructure.
"The testers discovered that the domain hosting USAJOBS is shared with other services and applications hosted by OPM's Macon data center," the report said. "USAJOBS is widely considered the flagship information system at OPM. Any application with the size, visibility and public importance of USAJOBS should be operating in a dedicated, multi-tiered environment, thereby creating a defense-in-depth strategy for protecting the confidentiality, integrity, and availability of system resources and data."
In addition, investigators uncovered three high-severity vulnerabilities, which pose a risk of probable damage to the system's data and resources.
"Of these three high-severity vulnerabilities, two dealt with the problem of improper input validation; one instance on the main USAJOBS website and one on the iOS mobile application," auditors wrote. "The other high-severity vulnerability related to parameter-based redirection that could lead a user to a malicious website."
But the system weaknesses may no longer be issues, the report said, because the OPM chief information officer's staff has "already remediated many of the specific audit recommendations that were outlined in the draft report, including all three related to high-severity vulnerabilities."
The report does not provide specifics about the recommendations, because of their sensitive nature.
This story is part of Federal News Radio's daily Cybersecurity Update.