Identifier
Created
Classification
Origin
09BOGOTA3702
2009-11-20 19:25:00
UNCLASSIFIED
Embassy Bogota
Cable title:
Comments on Draft Report on Audit of Overseas Laptop
how-toVZCZCXYZ0006 RR RUEHWEB DE RUEHBO #3702/01 3241925 ZNR UUUUU ZZH R 201925Z NOV 09 FM AMEMBASSY BOGOTA TO RUEHC/SECSTATE WASHDC 1116 INFO RUEHBO/AMEMBASSY BOGOTA
UNCLAS BOGOTA 003702
SIPDIS
FOR OFFICE OF INSPECTOR GENERAL (OIG)
E.O. 12958: N/A
TAGS: AMGT ASIG AINF
SUBJECT: Comments on Draft Report on Audit of Overseas Laptop
Computer Inventory Controls and Security Management (AUD/SI-10-08)
REF: A) 6 NOV 2009 MEMORANDUM FROM OIG HAROLD W. GEISEL TO
AMBASSADOR, U.S. EMBASSY BOGOTA
B) DRAFT REPORT ON AUDIT OF OVERSEAS LAPTOP COMPUTER INVENTORY
CONTROLS AND SECURITY MANAGEMENT (AUD/SI-10-08)
UNCLAS BOGOTA 003702
SIPDIS
FOR OFFICE OF INSPECTOR GENERAL (OIG)
E.O. 12958: N/A
TAGS: AMGT ASIG AINF
SUBJECT: Comments on Draft Report on Audit of Overseas Laptop
Computer Inventory Controls and Security Management (AUD/SI-10-08)
REF: A) 6 NOV 2009 MEMORANDUM FROM OIG HAROLD W. GEISEL TO
AMBASSADOR, U.S. EMBASSY BOGOTA
B) DRAFT REPORT ON AUDIT OF OVERSEAS LAPTOP COMPUTER INVENTORY
CONTROLS AND SECURITY MANAGEMENT (AUD/SI-10-08)
1. Following is Embassy Bogota comments on the draft report and
information on actions taken for the seven recommendations (Nos. 2,
4, 7, 9, 11, 13 and 15) that require Post's attention per Ref A.
2. OIG Recommendation 2. OIG recommends that Embassies Bogota,
Mexico City, Rome, and Vienna require the Information Management
Officer and the General Services Officer to ensure that all laptops
are properly entered into the post inventory system and
periodically reconciled to manual records.
Agree. Per the draft OIG report, ref B, IMO and GSO will ensure
that NAS procured laptops and RSO procured laptops are entered in
ILMS even when the laptops are procured outside of normal Embassy
procurement channels. IMO & GSO will ensure that all NAS and RSO
personnel understand Post's policies. IMO has taken over the
management of NAS laptop inventory to ensure all NAS laptops are
properly inventoried.
3. OIG Recommendation 4. OIG recommends that Embassies Bogota and
Mexico City require the Information Management Officer to submit
the results of the next physical inventory of laptop computers,
along with the accompanying reconciliation of the official
inventory with the Information Management Officer's unofficial
inventory, to the Bureau of Information Resource Management and the
Office of Inspector General.
Agree. GSO and IRM will match laptop inventories on a quarterly
basis and ensure all laptops, however or by whoever procured are
entered into the ILMS inventory. IMO is now responsible for
complete management of all State Department laptops.
4. OIG Recommendation 7. OIG recommends that Embassies Bogota,
Mexico City, Rome, and Vienna require the Information Management
Officer to ensure compliance with laptop loan out procedures and
the proper preparation of supporting documentation.
Agree. IMO will assure that per the OIG draft report, ref B, since
"Most of the documents were in the NAS, where officials said that
they were not aware of the requirement to have authorizing
Signatures." NAS officials are aware of the requirement. Ref B
also states that "OIG informed the NAS chief that all laptop loans
required a supervisory authorizing official to sign the forms, and
he agreed to ensure that this was done in the future." IMO is now
responsible for all NAS laptops and will ensure these laptops
adhere to all Post and Department procedures.
5. OIG Recommendation 9. OIG recommends that Embassy Bogota
require the Information Management Officer and the General Services
Officer to investigate the disposition of each missing laptop and
prepare the required documentation as necessary. The Bureau of
Information Resource Management and the Office of the Inspector
General should then be notified with the accompanying
documentation.
Agree. Per Ref B "this occurred because the Embassy's NAS and GSO
did not follow required Department procedures for reporting missing
laptop...NAS should have reported these losses immediately to the
IMO." This recommendation also relates back to recommendation 2
where "all laptops are properly entered into the post inventory
system". Once this occurs IMO can ensure all laptops are counted
and missing laptops properly disposed of. Per Ref B, "During its
visit, OIG informed NAS and the GSO of the need to immediately
report the missing laptops to cognizant officials for appropriate
actions...In March 2009, the NAS prepared the required property
disposal reports for its five laptops." IMO will remind NAS and
GSO of the reporting requirement for missing property as directed
in FAM. IMO is now responsible for all laptops so this issue
should never recur.
6. OIG Recommendation 11. OIG recommends that Embassies Bogota,
Mexico City, Rome, Tokyo, and Vienna and the American Institute in
Taiwan require the Information Management Officer to ensure that
all laptop users receive the annual cyber security awareness
briefing and to maintain documentation to support that the briefing
was presented.
Agree. IMO is now managing the complete laptop program. Since all
laptop users will be subject to procedures outlined in Ref B there
should be no unsigned acknowledgement forms. By signing the form
DS-7642 Mobil Computing and Data Storage Request, the user
acknowledges that the briefing has been completed.
7. OIG Recommendation 13. OIG recommends that Embassy Bogota and
the American Institute in Taiwan require the Information Management
Officer to comply with the provisions of the Foreign Affairs
Handbook (12 FAH-6 H-542.5-10) for hard drive disposition and the
proper preparation of laptop shipping documentation.
Agree. Per Ref B, "During FY 2008, Embassy Bogota's NAS disposed
of 14 laptops through auction, but the NAS did not follow the
Department's regulation for the proper
disposition of hard drives. The FAH (12 FAH-6 H-542.5-10) requires
all hard drives to be sent via classified pouch to IRM for
disposition. NAS officials said that the hard drives had been
erased with Department-approved software to remove any information
prior to sale. However, all hard drives must be sent via classified
pouch to IRM for disposition. The NAS officials further stated that
they were unaware of the requirement to send the hard drives to IRM
and that it was the NAS's understanding that embassies and posts
were allowed to sanitize hard drives and to destroy them in
accordance with local procedures."
IMO is now managing the laptop program including all NAS laptops.
Disposition of all NAS laptops and hard drives will comply with the
provisions of 12 FAH-6 H-542.5-10.
8. OIG Recommendation 15. OIG recommends that Embassies Bogota,
Mexico City and Vienna require the Information Management Officer
to comply with Department of State policy to encrypt all laptops or
to obtain waivers when there is a valid operational justification.
Agree. IMO is now managing the laptop program and all laptops are
encrypted. NAS and RSO laptops that were too old for encryption
have been disposed.
9. Post appreciates the opportunity to participate in this
overseas review and correct noted deficiencies.
BROWNFIELD
SIPDIS
FOR OFFICE OF INSPECTOR GENERAL (OIG)
E.O. 12958: N/A
TAGS: AMGT ASIG AINF
SUBJECT: Comments on Draft Report on Audit of Overseas Laptop
Computer Inventory Controls and Security Management (AUD/SI-10-08)
REF: A) 6 NOV 2009 MEMORANDUM FROM OIG HAROLD W. GEISEL TO
AMBASSADOR, U.S. EMBASSY BOGOTA
B) DRAFT REPORT ON AUDIT OF OVERSEAS LAPTOP COMPUTER INVENTORY
CONTROLS AND SECURITY MANAGEMENT (AUD/SI-10-08)
1. Following is Embassy Bogota comments on the draft report and
information on actions taken for the seven recommendations (Nos. 2,
4, 7, 9, 11, 13 and 15) that require Post's attention per Ref A.
2. OIG Recommendation 2. OIG recommends that Embassies Bogota,
Mexico City, Rome, and Vienna require the Information Management
Officer and the General Services Officer to ensure that all laptops
are properly entered into the post inventory system and
periodically reconciled to manual records.
Agree. Per the draft OIG report, ref B, IMO and GSO will ensure
that NAS procured laptops and RSO procured laptops are entered in
ILMS even when the laptops are procured outside of normal Embassy
procurement channels. IMO & GSO will ensure that all NAS and RSO
personnel understand Post's policies. IMO has taken over the
management of NAS laptop inventory to ensure all NAS laptops are
properly inventoried.
3. OIG Recommendation 4. OIG recommends that Embassies Bogota and
Mexico City require the Information Management Officer to submit
the results of the next physical inventory of laptop computers,
along with the accompanying reconciliation of the official
inventory with the Information Management Officer's unofficial
inventory, to the Bureau of Information Resource Management and the
Office of Inspector General.
Agree. GSO and IRM will match laptop inventories on a quarterly
basis and ensure all laptops, however or by whoever procured are
entered into the ILMS inventory. IMO is now responsible for
complete management of all State Department laptops.
4. OIG Recommendation 7. OIG recommends that Embassies Bogota,
Mexico City, Rome, and Vienna require the Information Management
Officer to ensure compliance with laptop loan out procedures and
the proper preparation of supporting documentation.
Agree. IMO will assure that per the OIG draft report, ref B, since
"Most of the documents were in the NAS, where officials said that
they were not aware of the requirement to have authorizing
Signatures." NAS officials are aware of the requirement. Ref B
also states that "OIG informed the NAS chief that all laptop loans
required a supervisory authorizing official to sign the forms, and
he agreed to ensure that this was done in the future." IMO is now
responsible for all NAS laptops and will ensure these laptops
adhere to all Post and Department procedures.
5. OIG Recommendation 9. OIG recommends that Embassy Bogota
require the Information Management Officer and the General Services
Officer to investigate the disposition of each missing laptop and
prepare the required documentation as necessary. The Bureau of
Information Resource Management and the Office of the Inspector
General should then be notified with the accompanying
documentation.
Agree. Per Ref B "this occurred because the Embassy's NAS and GSO
did not follow required Department procedures for reporting missing
laptop...NAS should have reported these losses immediately to the
IMO." This recommendation also relates back to recommendation 2
where "all laptops are properly entered into the post inventory
system". Once this occurs IMO can ensure all laptops are counted
and missing laptops properly disposed of. Per Ref B, "During its
visit, OIG informed NAS and the GSO of the need to immediately
report the missing laptops to cognizant officials for appropriate
actions...In March 2009, the NAS prepared the required property
disposal reports for its five laptops." IMO will remind NAS and
GSO of the reporting requirement for missing property as directed
in FAM. IMO is now responsible for all laptops so this issue
should never recur.
6. OIG Recommendation 11. OIG recommends that Embassies Bogota,
Mexico City, Rome, Tokyo, and Vienna and the American Institute in
Taiwan require the Information Management Officer to ensure that
all laptop users receive the annual cyber security awareness
briefing and to maintain documentation to support that the briefing
was presented.
Agree. IMO is now managing the complete laptop program. Since all
laptop users will be subject to procedures outlined in Ref B there
should be no unsigned acknowledgement forms. By signing the form
DS-7642 Mobil Computing and Data Storage Request, the user
acknowledges that the briefing has been completed.
7. OIG Recommendation 13. OIG recommends that Embassy Bogota and
the American Institute in Taiwan require the Information Management
Officer to comply with the provisions of the Foreign Affairs
Handbook (12 FAH-6 H-542.5-10) for hard drive disposition and the
proper preparation of laptop shipping documentation.
Agree. Per Ref B, "During FY 2008, Embassy Bogota's NAS disposed
of 14 laptops through auction, but the NAS did not follow the
Department's regulation for the proper
disposition of hard drives. The FAH (12 FAH-6 H-542.5-10) requires
all hard drives to be sent via classified pouch to IRM for
disposition. NAS officials said that the hard drives had been
erased with Department-approved software to remove any information
prior to sale. However, all hard drives must be sent via classified
pouch to IRM for disposition. The NAS officials further stated that
they were unaware of the requirement to send the hard drives to IRM
and that it was the NAS's understanding that embassies and posts
were allowed to sanitize hard drives and to destroy them in
accordance with local procedures."
IMO is now managing the laptop program including all NAS laptops.
Disposition of all NAS laptops and hard drives will comply with the
provisions of 12 FAH-6 H-542.5-10.
8. OIG Recommendation 15. OIG recommends that Embassies Bogota,
Mexico City and Vienna require the Information Management Officer
to comply with Department of State policy to encrypt all laptops or
to obtain waivers when there is a valid operational justification.
Agree. IMO is now managing the laptop program and all laptops are
encrypted. NAS and RSO laptops that were too old for encryption
have been disposed.
9. Post appreciates the opportunity to participate in this
overseas review and correct noted deficiencies.
BROWNFIELD