During our ongoing audit of the Department of Homeland Security’s learning management system (DHSLearning), we identified a significant risk to the operations, assets, and individuals at the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Law Enforcement Training Centers (FLETC). We are issuing this management alert to advise CISA and FLETC to take immediate action to mitigate risks associated with using a high-risk contractor (Contractor A) to supply their learning management systems. A DHS internal investigation identified Contractor A as having poor cybersecurity practices. By not taking action to mitigate the control deficiencies, CISA and FLETC may be putting sensitive personally identifiable information (PII) and sensitive law enforcement training information stored and processed by CISA and FLETC’s learning management systems at risk of compromise…
Recommendations
Recommendation 1: We recommend the CISA Chief Information Officer immediately mitigate the control deficiencies or cease operation of the Federal Virtual Training Environment system.
Recommendation 2: We recommend the FLETC Chief Information Officer immediately mitigate the control deficiencies or cease operation of the eFLETC system.
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $250 annually.