Reports > USPTO Annual Reports
Collage showing images with one-word descriptors from the U S P T O Fiscal Year 2008 Performance and Accountability Report cover that reinforces the reportís tagline of Transforming for the Future Today.
Performance and Accountability Report Fiscal Year 2008
Other Accompanying Information

Table of Contents | Management | Financial | Auditor | IG | Other

Management and Performance Challenges Identified by the Inspector General

The Inspector General’s Statement of Management Challenges

We are providing the management challenges for the United States Patent and Trademark Office in accordance with the provisions of the Reports Consolidation Act of 2000 (PL 106-531). Detailed information about our work is available on our Web site at: http://www.oig.doc.gov/

Inspector General
Todd J. Zinser

Strengthen Information Security

The Federal Information Security Management Act (FISMA) requires that we annually assess USPTO’s efforts to safeguard data processed by its computer systems and networks. The continuing expansion of information technology means federal agencies face ever-increasing challenges in performing their missions while providing for the security of their sensitive information. Since enactment of FISMA in 2002, agencies have spent millions of dollars to improve the security of information on their computer systems and shared via the Internet. Yet weaknesses persist and breaches continue. At USPTO, IT security is a material weakness under the Federal Managers Financial Integrity Act.

The system security certification process is supposed to provide officials with complete, accurate, and trustworthy information on a system’s security status so they can make timely, credible, risk-based decisions on whether to authorize operation. Our FISMA review of USPTO’s certification and accreditation (C&A) packages continues to find weaknesses. Two USPTO packages were available for our FY 2008 review—one for an agency system and one for a contractor system. Both lacked sufficient evidence to confirm that operational and technical controls are in place and operating as intended, leaving certification agents and authorizing officials without adequate information about remaining vulnerabilities. Therefore, we recommend that USPTO again report IT security as a material weakness.

We did find, however, that USPTO is working more effectively than in past years to improve the C&A process, so we increased the rating of the quality of the process to satisfactory in our FY 2008 FISMA report. USPTO is participating with the Department in the adoption of the Cyber Security Assessment and Management (CSAM) tool, which should provide consistency and repeatability in C&A as well as management visibility into the process. The agency plans to fully use CSAM in FY 2009. Other improvements include achieving better compliance with NIST’s C&A guidance; implementing improved control assessment methods and tools; redefining system boundaries to strengthen security management; and providing independent review of all C&A packages to identify weaknesses.

USPTO needs to continue its improvement efforts and demonstrate results in better C&A packages.

< Previous Page | Next Page >

Is there a question about what the USPTO can or cannot do that you cannot find an answer for? Send questions about USPTO programs and services to the USPTO Contact Center (UCC). You can suggest USPTO webpages or material you would like featured on this section by E-mail to the webmaster@uspto.gov. While we cannot promise to accommodate all requests, your suggestions will be considered and may lead to other improvements on the website.