“Overall,” the report said, “ DHS components have followed department policy when configuring operating systems supporting their websites. Recommended security settings and controls were implemented consistently on the servers reviewed. In addition, sites using electronic authentication for web-based access were properly documented according to FISMA. However, patch management practices and periodic security assessments were not consistently being performed, resulting in numerous critical system vulnerabilities. These vulnerabilities could put DHS data at risk."
Source: Homeland Security Today