Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
USAJobs passes independent cybersecurity test
Friday - 8/3/2012, 5:51pm EDT
"Overall, USAJOBS was found to be in good security standing and does not appear to pose any significant risk to OPM or its constituents," the IG's office wrote.
OPM assumed control of the federal jobs portal from Monster Government Solutions in October 2011, after two security breaches in 17 months compromised job-seeker information housed in the system.
The IG's office, working with FishNet Security, Inc., found no issues that pose an immediate threat to the new website or user information in its database. But auditors did take issue with the portal's supporting infrastructure.
"The testers discovered that the domain hosting USAJOBS is shared with other services and applications hosted by OPM's Macon data center," the report said. "USAJOBS is widely considered the flagship information system at OPM. Any application with the size, visibility and public importance of USAJOBS should be operating in a dedicated, multi-tiered environment, thereby creating a defense-in- depth strategy for protecting the confidentiality, integrity, and availability of system resources and data."
In addition, investigators uncovered three high-severity vulnerabilities, which risk probable damage to the systems data and resources.
"Of these three high-severity vulnerabilities, two dealt with the problem of improper input validation; one instance on the main USAJOBS website and one on the iOS mobile application," auditors wrote. "The other high-severity vulnerability related to parameter-based redirection that could lead a user to a malicious website.
But the system weaknesses may no longer be issues, the report said, because the OPM chief information officer's staff has "already remediated many of the specific audit recommendations that were outlined in the draft report, including all three related to high-severity vulnerabilities.
The report does not provide specifics about the recommendations, because of their sensitive nature.
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.