Determine whether Phelps-Clifton Springs Central School District (District) officials ensured network access controls were secure.
District officials did not ensure that the District’s network access controls were secure.
Officials did not:
- Regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled. As a result, we identified 139 unneeded user accounts, 36 unneeded generic or shared user accounts and five user accounts with unnecessary administrator permissions.
- Maintain hardware or software inventory records.
In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Regularly review network user accounts and disable those that are unnecessary.
- Maintain detailed, up-to-date inventory records for all computer hardware and software.
District officials agreed with our recommendations and indicated they have initiated or planned to initiate corrective action.