Office Audits. Audit of Accountability, Inventory Controls, and Encryption of Laptop Computers at Selected Department of State Bureaus in the Washington, DC, Metropolitan Area

摘要

Since 2006, the Office of Management and Budget (OMB) has issued several policy directives to require and remind departments and agencies to protect sensitive agency information and personally identifiable information (PII). These requirements include safeguarding information on mobile computers/devices to include encrypting all data on laptop computers unless the data is determined to be non-sensitive. During 2007 and 2008, the Secretary of State and the Chief Information Officer (CIO) issued several notices and guidance to Department of State (Department) offcials to implement the OMB directives, including the responsibility for protecting information on the Departments laptop computers. Because of the attention to and importance of these requirements, the Office of Inspector General (OIG) initiated this audit to review, on a sample basis, the Departments implementation of these mandates related to property accountability and inventory controls over Department-owned laptop computers, encryption, and security awareness training. This audit was conducted on the inventory of laptop computers located in four bureaus in the Washington, DC, metropolitan area. The Department does not have an accurate accounting for and has not encrypted all of its classifed and unclassifed laptop computers in the Washington, DC, area for the four bureaus included in OIGs audit.