Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
USAJobs passes independent cybersecurity test
Friday - 8/3/2012, 5:51pm EDT
The government's employment website USAJobs.gov has passed its first independent cybersecurity test since the Office of Personnel Management transferred the system to an internal data center, OPM's inspector general's office said in a report released Friday.
"Overall, USAJOBS was found to be in good security standing and does not appear to pose any significant risk to OPM or its constituents," the IG's office wrote.
OPM assumed control of the federal jobs portal from Monster Government Solutions in October 2011, after two security breaches in 17 months compromised job-seeker information housed in the system.
The IG's office, working with FishNet Security, Inc., found no issues that pose an immediate threat to the new website or user information in its database. But auditors did take issue with the portal's supporting infrastructure.
"The testers discovered that the domain hosting USAJOBS is shared with other services and applications hosted by OPM's Macon data center," the report said. "USAJOBS is widely considered the flagship information system at OPM. Any application with the size, visibility and public importance of USAJOBS should be operating in a dedicated, multi-tiered environment, thereby creating a defense-in- depth strategy for protecting the confidentiality, integrity, and availability of system resources and data."
In addition, investigators uncovered three high-severity vulnerabilities, which risk probable damage to the systems data and resources.
"Of these three high-severity vulnerabilities, two dealt with the problem of improper input validation; one instance on the main USAJOBS website and one on the iOS mobile application," auditors wrote. "The other high-severity vulnerability related to parameter-based redirection that could lead a user to a malicious website.
But the system weaknesses may no longer be issues, the report said, because the OPM chief information officer's staff has "already remediated many of the specific audit recommendations that were outlined in the draft report, including all three related to high-severity vulnerabilities.
The report does not provide specifics about the recommendations, because of their sensitive nature.
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.