A new Office of Inspector General (OIG) report found that the U.S. International Trade Commission is successfully managing the Windows operating system software on its ITCNet system.
“The Windows environment supports the day-to-day operations of the Commission by running software on devices such as laptops, desktops, and servers,” the report said. “Because these devices are constantly running software on the Commission’s network, it is important for the Commission to effectively manage all its Windows software to reduce security risks.”
In managing the system software, the Commission keeps a list of approved Windows software and uses a whitelisting tool, AppLocker, to identify unmanaged or unauthorized software. If a user needs software added to the approved list, the Commission’s CIO uses a process through which users request the needed software, conducts a risk management assessment to identify interoperability and security issues, and weighs the benefits and risks of adding the software to the list.
The OIG report listed two areas for improvement for the Commission, and offered two related recommendations to which the Commission agreed.
The two areas for improvement are:
- Having web browser extensions managed as software; and
- Establishing a periodic review of unsupported Windows software.
The first recommendation is for the Commission to “establish a process for Windows web browser extensions to be authorized to be installed on ITCNet.” The second recommendation includes developing “a process to detect and mitigate unsupported Windows software on the network.”