Office of Information Technology Services

 

Skip to Content

Login   Subscribe   Site Index   Contact Us   Google Translate™

NYS Comptroller

THOMAS P. DiNAPOLI

Taxpayers' Guide to State and Local Audits

Office of Information Technology Services
Security and Effectiveness of Department of Motor Vehicles’ Licensing and Registration Systems (Follow-Up)


Issued: December 14, 2016
Link to full audit report 2016-F-15

Purpose
To determine the extent of implementation of the five recommendations included in our initial audit report, Security and Effectiveness of Department of Motor Vehicles’ Licensing and Registration Systems (2013-S-58).

Background
Our initial audit report, which was issued on September 19, 2014,determined whether the Department licensing and registrations systems were secure, operating effectively, and available to continue critical processing in the event of a disaster or mishap that disables normal processing.  We found that ITS and the Department  were not in compliance with Payment Card Industry (PCI) Data Security Standards that govern the systems that process credit card transactions.  We also found ITS did not comply with State cybersecurity policies and did not establish adequate processes for managing user access of Department systems.  The five recommendations covered PCI Data Security Standard compliance, policies addressing logging, controls over change management and user access, patching, and a succession plan for dated programming languages. 

Key Finding

  • Department officials have made some progress in correcting the problems we identified in the initial report. However, improvements are still needed. Of the five prior audit recommendations, two recommendations have been implemented and three recommendations have been partially implemented.

Key Recommendation

  • Officials are given 30 days after the issuance of the follow-up review to provide information on any actions that are planned to address the unresolved issues discussed in this review.                                                                               

Other Related Audits/Reports of Interest

Office of Information Technology Services: Security and Effectiveness of Division of Criminal Justice Services’ Core Systems (2014-S-24)
Office of Information Technology Services: Effectiveness of the Information Technology Transformation (2015-S-2)


State Government Accountability Contact Information:
Audit Director: John Buyce
Phone: (518) 474-3271; Email: StateGovernmentAccountability@osc.state.ny.us
Address: Office of the State Comptroller; Division of State Government Accountability; 110 State Street, 11th Floor; Albany, NY 12236