Improvements Are Needed to Ensure That Wireless Networks Are Secure

The Chief Information Officer should ensure that the 25 wireless network security-related weaknesses are resolved and that the evidence supporting the weakness closures is updated in the Treasury Federal Information Security Modernization Act of 2014 (FISMA) Inventory Management System for subsequent testing and closure approval.

The Chief Information Officer should correct the wireless access point inventory issues that TIGTA identified and shared with management.

The Chief Information Officer should update the internal procedures to provide detailed requirements for reviews and updates to the wireless access point inventory, including taking photographs of the devices during the deployment and replacement stages.

The Chief Information Officer should improve the current inventory management system and platform to ensure that all changes to wireless access point components are updated simultaneously.

The Chief Information Officer should ensure that the User and Network Services (UNS) function reviews and minimizes the broadcast range of the wireless access point signals to be within IRS-controlled boundaries. In addition, ensure that the broadcast range for the wireless access points planned for model replacement is minimized.