While the DOT has made some progress in its information security program, some systems remain vulnerable to significant security threats stemming from deficiencies in policies and procedures, enterprise-level controls, system controls and management of known security weaknesses, according to a recent audit report from the department’s office of the inspector general (IG). The IG made a number of recommendations.