The Federal Emergency Management Agency does not properly secure the more than 32,000 laptops it manages, according to a heavily redacted report issued today by the inspector general at the Homeland Security Department.
From the report:
As a result, sensitive information stored and processed on Federal Emergency Management Agency laptop computers may not be protected properly. Further, because the Federal Emergency Management Agency applies the same domain security policies for its desktop computers, the configuration weaknesses identified with laptop computers are relevant to all government-issued computers assigned within the Federal Emergency Management Agency.
The inspector general found that FEMA does not have apply required minimum-security settings, does not routinely patch laptops to protect from viruses and malware, or does it have a process to track the inventory of laptops.
Because much of the report is redacted, the details of the consequences of FEMA's laptop security lapses are not fully explained.