Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
USAJobs passes independent cybersecurity test
Friday - 8/3/2012, 5:51pm EDT
"Overall, USAJOBS was found to be in good security standing and does not appear to pose any significant risk to OPM or its constituents," the IG's office wrote.
OPM assumed control of the federal jobs portal from Monster Government Solutions in October 2011, after two security breaches in 17 months compromised job-seeker information housed in the system.
The IG's office, working with FishNet Security, Inc., found no issues that pose an immediate threat to the new website or user information in its database. But auditors did take issue with the portal's supporting infrastructure.
"The testers discovered that the domain hosting USAJOBS is shared with other services and applications hosted by OPM's Macon data center," the report said. "USAJOBS is widely considered the flagship information system at OPM. Any application with the size, visibility and public importance of USAJOBS should be operating in a dedicated, multi-tiered environment, thereby creating a defense-in- depth strategy for protecting the confidentiality, integrity, and availability of system resources and data."
In addition, investigators uncovered three high-severity vulnerabilities, which risk probable damage to the systems data and resources.
"Of these three high-severity vulnerabilities, two dealt with the problem of improper input validation; one instance on the main USAJOBS website and one on the iOS mobile application," auditors wrote. "The other high-severity vulnerability related to parameter-based redirection that could lead a user to a malicious website.
But the system weaknesses may no longer be issues, the report said, because the OPM chief information officer's staff has "already remediated many of the specific audit recommendations that were outlined in the draft report, including all three related to high-severity vulnerabilities.
The report does not provide specifics about the recommendations, because of their sensitive nature.
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.