GSA IT is vulnerable, IG says

In a semiannual report to Congress released Nov. 30, the General Services Administration's Office of Inspector General highlighted a series of IT vulnerabilities and challenges at the agency.

The IT notes are part of the report's broad account of the IG's fiscal 2015 activities: 161 investigations opened, 204 closed and recommendations to put $1.3 billion in funding to better use that fiscal year.

"GSA IT systems do not always use effective data models, business rule validation checks or data exchange specifications to ensure data quality," the report states. "Challenges exist because GSA systems often do not integrate with each other, resulting in duplication of business processes, cost inefficiencies and customer dissatisfaction."

In particular, the report cites integration problems with GSA's Authorized Leave and Overtime Help Application and the Electronic Time and Attendance Management System.

"Due to design weaknesses in the interface between the two systems, GSA does not have sufficient assurance that the leave balances for thousands of its employees are accurate," the report states, noting that thousands of employees have been affected by discrepancies.

The report also addresses outstanding "sensitive data access control vulnerabilities within GSA's cloud computing environment" that were first reported in October 2014.

The vulnerability details were restricted, but IG spokeswoman Sarah Breen said five of the IG's eight recommendations remained open as of early December, despite being due to be closed by Nov. 15.

"However, the final verification of the outstanding corrective actions is in process, and we expect it to be complete soon," she added.