Friday, December 20, 2013

"This is the first time a government insider has gone on record challenging the administration's insistence that there were no worrisome security concerns."

"Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), revealed the findings when she was interviewed Tuesday behind closed doors by House Oversight Committee officials..."

Security bombshell #1:
Details are not being made public for security reasons but Fryer testified that one vulnerability in the system was discovered during testing last week related to an incident reported in November. She says that as a result, the government has shut down functionality in the vulnerable part of the system. Fryer said the other high-risk finding was discovered Monday.
Security bombshell #2:
In another security bombshell, Fryer told congressional interviewers that she explicitly recommended denial of the website’s Authority to Operate (ATO), but was overruled by her superiors. The website was rolled out amid warnings Fryer said she gave both verbally and in a briefing that disclosed “high risks” and possible exposure to “attacks”.

Fryer also said that she refused to put her name on a letter recommending a temporary ATO be granted for six months while the issues were sorted out.
READ MORE

No comments:

Post a Comment