Sneak Preview: Audit Finds Security Issues With FEMA’s eGrants

December 11, 2015 | By Jerry Ashworth | Post a Comment

xsass_bookshot(The following was excerpted from a recent article in the Single Audit Information Service.) A recent Department of Homeland Security (DHS) Office of Inspector General audit found that the Federal Emergency Management Agency’s (FEMA’s) eGrants system lacked adequate security because it did not provide controlled access to individual grant recipients. Moreover, the inspector general added that FEMA’s proposed corrective action to address the deficiency still was insufficient to effectively strengthen system security.

Since Fiscal Year (FY) 2001, FEMA has provided Assistance to Firefighters Grant funds to help fire departments, emergency medical service organizations and other eligible recipients meet firefighting and emergency response needs. FEMA further provides grant funds for hiring, recruiting and retaining firefighters through the Staffing for Adequate Fire and Emergency Response grant program. The two programs combined have provided about $9.8 billion since 2001, according to FEMA data.

FEMA created the eGrants grant management database in 2003 for the Assistance to Firefighters Grant program to maintain information related to grant recipients and manage aspects of their grants. Although it was developed as a temporary database, FEMA still uses the system. Recipients use the system to manage and close out grants, while FEMA uses the system to administer grants and communicate with recipients.

DHS policy directives require that the agency’s internal information systems include automated security controls to ensure the individual accountability of users, including the use of usernames and passwords prior to access. It specifically adds that individual users must not share usernames and passwords.

The eGrants system, however, did not comply with DHS information system directive because access is not controlled or limited, the DHS inspector general found. “FEMA instructs its grantees to share eGrants usernames and passwords within the grantee’s organization and with outside entities, such as contractors who manage grants,” the inspector general said. “As a result, someone other than the primary point of contact can take action or make changes in eGrants without the grantee’s knowledge.” The inspector general added that other DHS offices have told FEMA that it should not authorize the operation of eGrants due to this “unacceptable level of risk,” yet the system continues to operate.

(The full version of this story has now been made available to all for a limited time on Thompson’s Grants Compliance Expert site.)

Views vs UniqueViews2015-11-162015-11-212015-11-262015-12-012015-12-06

ate Views UniqueViews
2015-11-11 0 0
2015-11-12 0 0
2015-11-13 0 0
2015-11-14 0 0
2015-11-15 0 0
2015-11-16 0 0
2015-11-17 0 0
2015-11-18 0 0
2015-11-19 0 0
2015-11-20 0 0
2015-11-21 0 0
2015-11-22 0 0
2015-11-23 0 0
2015-11-24 0 0
2015-11-25 0 0
2015-11-26 0 0
2015-11-27 0 0
2015-11-28 0 0
2015-11-29 0 0
2015-11-30 0 0
2015-12-01 0 0
2015-12-02 0 0
2015-12-03 0 0
2015-12-04 6 3
2015-12-05 0 0
2015-12-06 0 0
2015-12-07 4 2
2015-12-08 2 1
2015-12-09 2 1
2015-12-10 0 0

Post a Comment

Your email is never shared. Required fields are marked *