Determine whether Highland Falls-Fort Montgomery Central School District (District) officials adequately managed and secured network user accounts.
The Technology Department could improve how they manage and secure network user accounts. Specifically:
- They did not establish comprehensive written procedures for managing network user accounts.
- Forty-eight network user accounts, including 22 non-student accounts, 16 generic accounts, and 10 student accounts, were unneeded and should have been disabled.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Establish comprehensive written procedures for managing network user accounts.
- Regularly review enabled network user accounts and ensure that unneeded user accounts are immediately disabled.
District officials agreed with our recommendations and have indicated they planned to initiate corrective action.