Use of Vendor-Supported Technology

Issued Date
December 12, 2019
Agency/Authority
Niagara Frontier Transportation Authority

Objective

To determine whether the Niagara Frontier Transportation Authority (NFTA) was complying with requirements to maintain its systems at vendor-supported levels. The audit covered the period June 24, 2019 through August 29, 2019.

About the Program

NFTA is a New York State public benefit corporation responsible for public transportation in Erie and Niagara counties, including operation of the Metro Bus and Rail System, Buffalo Niagara International Airport, and Niagara Falls International Airport. NFTA has approximately 1,500 employees, including an information technology (IT) department that operates out of its main office. To help carry out its mission, NFTA owns IT resources, including desktops/workstations, servers, and databases.  

As a public benefit corporation, NFTA must adhere to the State Information Security Policy (Policy) established by the State Office of Information Technology Services. The Policy defines the minimum information security requirements that all State entities (including public benefit corporations) must follow to secure and protect the confidentiality, integrity, and availability of information. This includes requirements for ensuring systems are maintained at vendor-supported levels (i.e., systems continue to be updated and patched by the system’s vendor).

Key Findings

  • We determined that, generally, NFTA maintained its systems at vendor-supported levels. However, we did identify unsupported systems used by NFTA on 66 devices.
  • NFTA officials have not developed policies and procedures to ensure that its systems are regularly reviewed and kept up to date.

Key Recommendations

  • Take steps to ensure that systems are maintained at vendor-supported levels such as developing policies and procedures related to software updates and vulnerability analysis.
  • Implement the remaining recommendations detailed in the preliminary report.

Brian Reilly

State Government Accountability Contact Information:
Audit Director: Brian Reilly
Phone: (518) 474-3271; Email: [email protected]
Address: Office of the State Comptroller; Division of State Government Accountability; 110 State Street, 11th Floor; Albany, NY 12236