November 23, 2020
It was the summer of audits at the TSP, and security has continued to receive its share of attention.
Six audits of the TSP had been completed by late summer, some of which included security.
Audits were conducted of computer access and security controls and of insider threats.
Importantly, as part of the audit process TSP administrators noted that DHS has never had a critical or high vulnerability as part of its National Cybersecurity Assessments and Technical Services (NCATS) program. While some low- and medium-level issues had been identified in the past, particularly up to 2018, they’ve been successfully mitigated.
The TSP “…has never had any critical or high vulnerabilities” as part of NCATS screening.
There were audit recommendations that remained to be addressed, such as implementing training and controls related to any potential insider threats and improving procedures to monitor suspicious behavior, among others.
A dramatically increased budget for the new fiscal year will focus on modernizing the TSP record keeping system and also includes funds for additional security measures and training. See this post for more.tsp-updates