The Department of Justice (DoJ) Office of Inspector General (OIG) is calling out the agency for not having an updated AI strategy, as the agency’s latest public AI strategy dates back to 2020. […]
The Office of Personnel Management (OPM) received a mostly positive Federal Information Security Modernization Act (FISMA) audit from its Office of the Inspector General (OIG) this year, but the agency still needs to fill some security gaps – such as improving its IT security training program. […]
The Peace Corps – an independent Federal agency that dispatches volunteers around the world – has made “significant progress” in enhancing its information security posture over the past year, but it is “falling short” of meeting what the White House defines as an “effective level of security.” […]
A new report out this week by the Federal Housing Finance Agency’s (FHFA) Office of Inspector General (OIG) found that FHFA’s network has “serious vulnerabilities that increase the likelihood that hacking attempts will succeed.” […]
The General Services Administration (GSA) Inspector General (IG) has found that the acquisition agency in 2022 purchased Chinese-manufactured videoconference cameras with known security vulnerabilities. […]
A new report from the Department of Homeland Security (DHS) Office of Inspector General (OIG) indicates that the agency needs better management of its biometric data capabilities. […]
The Office of the Inspector General (OIG) at the Board of Governors of the Federal Reserve System (FRB) found in its latest evaluation report that the board needs to clarify its cybersecurity incident response processes to effectively respond to cyber incidents at institutions that FRB supervises. […]
The Department of Energy (DoE) has not been keeping up with adequately monitoring and authorizing its cloud services, according to a new report released by the agency’s Office of Inspector General (OIG). […]
The Federal Deposit Insurance Corporation (FDIC) – which has been much in the news in recent weeks due to banking sector turmoil – has more work to do to improve security of its user identification and authentication technology, according to the agency’s inspector general. […]
Jeff Robinson has been tapped to be the new assistant director for Cybersecurity and Information Technology Audits at the Department of Health and Human Services (HHS) Office of the Inspector General (OIG), according to his LinkedIn account. […]
The Federal Deposit Insurance Corp (FDIC) needs to figure out better ways to effectively assess cybersecurity concerns at the financial institutions that it regulates, according to a recent report from the agency’s Office of Inspector General (OIG). […]
Top Federal officials from largely public-facing agencies explained at a Dec. 1 GovExec event how zero trust security, if adopted correctly, will inherently end up improving customer experience (CX). […]
A team of government-contracted “red team” hackers managed to gain unauthorized and undetected control of critical Census Bureau systems in a simulated attack test revealing major cybersecurity weaknesses within the Federal agency, according to a new report by the Commerce Department Office of Inspector General (IG). […]
The Internal Revenue Service (IRS) has not been doing enough to ensure that one of its vendors’ security and antivirus software is up to date, according to the agency’s internal watchdog. […]
A new audit released by the Department of Veterans Affairs (VA) Office of Inspector General (OIG) is predicting that the agency will reach full compliance with its obligations under the Geospatial Data Act in the near future. […]
The Department of Labor’s (DoL) Office of Inspector General (OIG) determined that the agency – along with state workforce agencies – has paid more than $45 billion in unemployment insurance (UI) pandemic benefits to fraudsters, according to an alert memorandum published on Sept. 21. […]
The Department of Veterans Affairs (VA) was served a management advisory memorandum from the VA Office of the Inspector General (OIG) due to faulty electronic systems that improperly collected debt, according to a report released on September 7. […]
The Office of the Inspector General (OIG) at the Department of State (DOS) said that the agency has not been complying with the Geospatial Data Act of 2018 (GDA) in its latest report from late August. […]
Senior staff at the Department of Veterans Affairs (VA) responsible for overseeing new training for the electronic health record (EHR) system at the Mann-Grandstaff VA Medical Center in Spokane, Wash., submitted inaccurate data to inspectors, according to a new report from the VA’s Office of Inspector General (OIG). […]
A review by the Department of Veterans Affairs (VA) Office of Inspector General (OIG) found that an Oracle Cerner-designed element of the VA’s new electronic health records management (EHRM) system has resulted in cases of patient harm. […]
The Defense Department (DoD) Inspector General (IG) released a list of the top management and performance challenges facing the DoD in fiscal year (FY) 2022, including strengthening DoD cyberspace operations. […]
In a new report, the Department of Veterans Affairs (VA) Office of Inspector General (OIG) found that the agency’s first deployment site for its Electronic Health Records Modernization (EHRM) program lacks access to critical EHR metrics, and said that puts the hospital’s accreditation status at risk. […]
A Small Business Administration (SBA) Office of Inspector General (OIG) report summarizing the results of its fiscal year (FY) 2021 Federal Information Security Modernization Act (FISMA) evaluation rates SBA’s overall program of information security as “not effective.” […]
A new report from the United States Postal Service (USPS) Office of Inspector General (OIG) is calling on the agency to improve its online identity verification controls after finding the number of fraudulent change of addresses (COAs) has increased by 167 percent. […]
The Government Accountability Office (GAO) needs to do more work to protect data and systems through privacy program improvements, an agency Office of Inspector General (OIG) report found. […]
NASA officials will consider implementing an insider threat program to cover its unclassified systems and data following release of a recent study by the NASA Office of Inspector General (OIG) that found including unclassified systems may better protect agency resources. […]
The Environmental Protection Agency (EPA) should attempt to consistently track COVID-19 pandemic-related grant flexibilities and implement a plan for electronic grant file storage, an EPA Office of Inspector General (OIG) report said. […]
According to a recent audit by the Department of Commerce Inspector General (IG), the National Oceanic and Atmospheric Administration’s (NOAA) current program launch plans may be increasing risk in the development of its environmental satellites. […]
Facing over $4.6 billion in potentially fraudulent Paycheck Protection Program (PPP) loans and continuing challenges with IT investments, the Small Business Administration (SBA) has yet to meet its goal to revise the agency’s Certify system by the end of 2021, according to SBA Inspector General Hannibal “Mike” Ware. […]
Information security remains a prevalent concern for the State Department based on numerous previous recommendations regarding fundamental information technology-related issues that still require close attention, according to a recent agency Office of Inspector General (OIG) report.
The report assesses 107 unclassified, open OIG recommendations from 19 reports addressed to the Bureau of Information Resource Management (IRM) as of July 30, 2021. OIG found that IRM had addressed three of the 107 recommendations and closed one duplicative recommendation related to risk management, one related to data protection and privacy, and one related to general IT policies. Additionally, OIG closed 14 recommendations in August 2021 as part of its normal compliance process.
However, the remaining 90 recommendations – 57 percent of which dated back to fiscal 2019 or earlier – remain relevant and require “close attention to close them,” the report read.
A larger number of the recommendations involve configuration management of products and systems to ensure information security. The other unaddressed recommendations pertain to several areas, including risk management, IT investments, contingency planning, and shared services.
To facilitate closing the remaining recommendations addressed to IRM, OIG made two recommendations to Carol Perez, the agency’s under secretary for management. OIG recommended her office develop a method for periodically reviewing IRM’s efforts – and indicated that step has since been taken.
OIG also recommended that Perez’s office verify IRM plans of action and milestones (POA&M) documented for all 90 recommendations. However, Perez disagreed with that recommendation, explaining that if the end goal is for IRM to solve open recommendations, developing an individual action plan for each recommendation is “overly cumbersome.”
“IRM’s staff, time, and resources are better spent working on compliance-related activities, maintaining a high standard of day-to-day operations, and communicating directly with OIG,” Perez wrote in her response to OIG.
However, OIG argued that under guidance from the National Institute of Standards and Technology, agencies are required to develop a POA&M, and that Perez must submit a POA for the recommendation. […]