The U.S. Department of Transportation (DOT) Office of Inspector General (OIG) said in a memorandum that it plans to audit the security of the Federal Transit Administration’s (FTA) financial management systems.
The security controls for FTA’s financial management systems that support the Coronavirus Aid, Relief, and Economic Security (CARES) Act will be assessed for effectiveness in protecting the confidentiality, integrity, and availability of the systems and their information. The agency is required to select security controls that will reduce the systems’ vulnerability, minimize risk, and met minimum security requirements as defined by Federal Information Processing Standards Publication 200.
Under the CARES Act, DOT has received over $36 billion in funding, according to the memorandum, and of the $36 billion, FTA has received $25 billion. This funding from the CARES Act is meant to be used to provide grants for transit infrastructure to prevent, prepare for, and respond to the coronavirus pandemic.
“Since March 2020, the number of attacks on Federal Government information systems has increased through a variety of techniques, including social engineering and spear phishing,” the memorandum said. “These attacks can hinder Federal agency operations and threaten the operations of FTA’s financial management information systems by affecting system and information confidentiality, availability, and integrity.”
The OIG plans to begin the audit immediately at DOT headquarters and contractor sites.