Information security remains a prevalent concern for the State Department based on numerous previous recommendations regarding fundamental information technology-related issues that still require close attention, according to a recent agency Office of Inspector General (OIG) report.

The report assesses 107 unclassified, open OIG recommendations from 19 reports addressed to the Bureau of Information Resource Management (IRM) as of July 30, 2021. OIG found that IRM had addressed three of the 107 recommendations and closed one duplicative recommendation related to risk management, one related to data protection and privacy, and one related to general IT policies. Additionally, OIG closed 14 recommendations in August 2021 as part of its normal compliance process.

However, the remaining 90 recommendations – 57 percent of which dated back to fiscal 2019 or earlier – remain relevant and require “close attention to close them,” the report read.

A larger number of the recommendations involve configuration management of products and systems to ensure information security. The other unaddressed recommendations pertain to several areas, including risk management, IT investments, contingency planning, and shared services.

To facilitate closing the remaining recommendations addressed to IRM, OIG made two recommendations to Carol Perez, the agency’s under secretary for management. OIG recommended her office develop a method for periodically reviewing IRM’s efforts – and indicated that step has since been taken.

OIG also recommended that Perez’s office verify IRM plans of action and milestones (POA&M) documented for all 90 recommendations. However, Perez disagreed with that recommendation, explaining that if the end goal is for IRM to solve open recommendations, developing an individual action plan for each recommendation is “overly cumbersome.”

“IRM’s staff, time, and resources are better spent working on compliance-related activities, maintaining a high standard of day-to-day operations, and communicating directly with OIG,” Perez wrote in her response to OIG.

However, OIG argued that under guidance from the National Institute of Standards and Technology, agencies are required to develop a POA&M, and that Perez must submit a POA for the recommendation. […]

A recent report from the Department of Veterans Affairs (VA) Office of Inspector General (OIG) revealed limitations with the VA’s patient scheduling system, a component of the agency’s new electronic health record (EHR) system. […]

The State Department’s Office of the Science and Technology Adviser (STAS) has been an asset for the State Department in the ten years since its inception. Still, a failure to develop implementation plans and constant personnel and leadership turnover hampered the agency’s overall effectiveness, according to a recent audit from the department’s Office of Inspector General (OIG). […]

The Office of Inspector General (OIG) at the U.S. Agency for International Development (USAID) found the agency needs to do more to strengthen its privacy program in order to better protect personally identifiable information (PII) and mitigate the risk of a privacy breach. […]

The State Department’s Office of Inspector General (OIG) has found in a follow-up audit that the agency’s Bureau of Information Resource Management (IRM) has taken corrective action on one of several recommendations the OIG made in 2016 to improve IT management practices, but said the bureau still has work to do on another four recommendations. […]

The Small Business Administration (SBA) Office of the Inspector General (OIG) said in its newly released annual Federal Information Security Modernization Act (FISMA) report for Fiscal Year 2020 that SBA’s information security was “not effective” last year due in part to the COVID-19 pandemic. […]

A Department of Defense (DoD) Office of Inspector General (OIG) report found that 3D printers pose a cybersecurity risk to the agency, after discovering DoD employees were not properly securing the IT systems used to develop 3D products, and were unaware the 3D printers even had IT systems that could be hacked. […]

Federal Offices of Inspectors General (OIGs) saved the government an estimated $53 billion through investigations in fiscal year 2020, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) reported in its annual report to Congress and the President. […]

Federal Inspectors General have the crucial task of agency oversight, often handling that job for large agencies while operating on relatively small budgets. To keep up with their responsibilities amid the COVID-19 pandemic, IG offices have had to leverage new technologies – and old technologies in new ways – over the past year-plus, IG officials explained today. […]

The Department of Homeland Security’s (DHS) Office of the Inspector General (OIG) has flagged several ongoing IT management issues at the agency as part of its annual report of major management and performance challenges facing DHS. […]

According to a new report by NASA’s Office of Inspector General (OIG), NASA is not adequately securing its networks from unauthorized access by IT devices, and has not fully implemented controls to remove or block unauthorized IT devices from accessing the agency’s networks and systems. […]

The Office of Personnel Management (OPM) made progress during Fiscal Year 2019 on cybersecurity issues, and closed eight prior recommendations from its Office of Inspector General (IG) during the year, according to the IG’s 2019 Federal Information Security Modernization Act (FISMA) audit. […]

The General Services Administration’s (GSA) financial and award data was of “higher” quality and in compliance with Office of Management and Budget (OMB), Treasury Department, and Digital Accountability and Transparency (DATA) Act standards as of late 2018, according to a GSA Office of Inspector General (OIG) report. […]

An Office of Inspector General (OIG) report released today says that one of the Federal Trade Commission’s (FTC) top management challenges is securing its information systems and networks from destruction, data loss, and compromise, based on an audit covering Fiscal Year 2018. […]

The Government Accountability Office’s (GAO) compliance with the Digital Accountability and Transparency Act (DATA Act) for the first quarter of FY2019 was timely and complete but still has room for improvement, according to a Sept. 27 Office of Inspector General (OIG) report. […]

With the upcoming release of the Federal Data Strategy’s final action plan on the horizon, Federal chief data officers (CDOs) agreed on Sept. 25 that the strategy holds plenty of promising features to advance their work, including an official CDO council that will help them share ideas and experiences. […]

A new report from the Federal Housing Finance Agency (FHFA) Office of Inspector General (OIG) finds that FHFA doesn’t have an agency-wide cybersecurity incident data analysis program based on a consistent data set, and that it lacks sufficient information to conduct trend or other time-series analyses for security purposes. […]

The Environmental Protection Agency’s (EPA) reorganization led to gaps in the agency’s compliance with IT policies for its Enterprise Customer Service Solution (ECSS) system, according to an EPA OIG report released August 19. […]

A Federal hiring freeze ordered in a January 2017 presidential memo resulted in “significant” staffing reductions across the State Department – including the inability to fill two Senior Executive Service cybersecurity positions, which then delayed implementing an enterprise risk management program for IT systems. […]

The Department of Veterans Affairs (VA) Office of Inspector General (OIG) discovered in a July 31 report that a VA healthcare facility in Long Beach, California, failed to adhere to VA and Veterans Health Administration (VHA) privacy and security policies in the midst of a patient electronic health record (EHR) complication. […]
