The General Services Administration is using social media tools to build a more participatory and collaborative government, but a GSA Inspector General report (.pdf) dated Sept. 28 finds the oversight of such tools lacking.
Auditors reviewed two public GSA social media websites and both needed additional oversight and monitoring, say report authors, in their fiscal 2011 audit of GSA's IT Security Program.
A GSA-managed wiki site was riddled with months-old spam postings because the site allowed new posts without GSA approval. "Automated programs and malicious users could post inappropriate information in the same manner," write report authors. These postings could be construed as endorsements, affect site usability and reflect poorly on the agency, note auditors.
Another website reviewed by auditors revealed a configuration weakness that exposed users' confidential communications, because web managers failed to follow web application security guidance. "Additionally, GSA's IT security guidance and social media guidance do not reference each other," write report authors.
GSA Chief Information Officer Casey Coleman concurred with the IG's recommendation that the agency improve the security of social media technologies. The report recommends GSA update social media and IT security policies to address social media-specific risks. Auditors also asked GSA to more closely review its social media properties and establish agencywide IT security standards for social media platforms.
- see the GSA IG report (.pdf)