Report: Education Department's IT Security is 'Not Generally Effective'

The United States Department of Education’s Office of Inspector General has found in a recent report that the department’s overall information technology security is “not generally effective” in meeting several federal requirements. The ed department (ED) and its Federal Student Aid (FSA) office scored only 53 points out of 100 in a recent security audit.

The report, published Monday, found that during a fiscal year 2016 audit, the ED was not generally effective in the following three security functions: protect, detect and respond.  

In the security function called “protect,” the ed department scored 7 points out of 20. In the function titled “detect,” the department scored 3 points out of 20. And in the function dubbed “respond,” the department again scored only 3 points out of 20.

The Office of Inspector General found that the ED and FSA were generally effective in two of five security functions: identify and recover.

The report also found that the ED had made some improvements since its fiscal year 2015 audit. However, “weaknesses remained” and “the Department and FSA’s information systems continued to be vulnerable to security threats.” 

The report detailed some specific weaknesses, namely:

  • Select policies and procedures are not current with National Institute of Standards and Technology and departmental guidance;
  • Appropriate application connection protocols were not being used;
  • The department is unable to prevent unauthorized devices from being connected to the network;
  • The implementation and management of the technical security architecture supporting the department’s and FSA’s applications require strengthening to more effectively restrict unauthorized access to information resources; and
  • The Office of the Chief Information Officer and FSA did not implement remedial actions for previously identified security weaknesses and did not establish a proactive enterprise-wide process to fix similar vulnerabilities identified during previous audits.

The report offers 15 recommendations, six of which are repeat recommendations, to assist the ED and FSA with increasing the effectiveness of their information security programs so they comply with federal requirements.

The report also states, “Although the (Ed) Department and FSA may have taken action on specific findings, systemic issues persist in these metric domains on an enterprise-level.”

The full report, titled “The U.S. Department of Education’s Federal Information Security Modernization Act of 2014 Report for Fiscal Year 2016,” is accessible for free on the ED’s website.

About the Author

Richard Chang is associate editor of THE Journal. He can be reached at [email protected].

Featured

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  •  black graduation cap with a glowing blue AI brain circuit symbol on top

    Report: AI Is a Must for Modern Learners

    A new report from VitalSource identifies a growing demand among learners for AI tools, declaring that "AI isn't just a nice-to-have; it's a must."

  • digital network with glowing blue and red lines, featuring multiple red arrows shifting in different directions

    Report: Attackers Change Tactics as Ransomware Payoffs Decline

    Attackers are changing tactics as they collect less money from ransomware payoffs, according to a new report from Chainalysis, a blockchain analytics firm.

  • digital textbooks displayed on multiple tablets

    Faculty Need Training, Time, and Tools to Make Course Content Accessible, Survey Finds

    In a recent survey by Anthology, only one in five faculty (22%) said they consistently consider accessibility when designing course materials. And just 11% felt they had the right tools and training to create accessible course content.