FEMA, the agency that came under fire for its slow response to Hurricane Katrina in late August, is part of the DHS's Emergency Preparedness and Response (EP&R) Directorate.

Since the agency received the report from DHS Inspector General Robert Skinner in early August, it has developed and maintained many essential security controls for NEMIS, but much more work needs to be done, the report said.

Specifically, the report said that FEMA must implement effective procedures for granting, monitoring and removing user access to the data. The agency must also improve staff contingency training and testing, Skinner said.

In addition, the report cited vulnerabilities on NEMIS servers related to access rights and password administration that must be fixed.

NEMIS, which tracks potential disasters and coordinates response operations, is used by individuals and small businesses to apply for federal assistance. It also processes requests from states for funding of hazard mitigation projects.