Inspector General Open Recommendations
12/21/2021
-
Defense Nuclear Facilities Safety Board
Independent Evaluation of the DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021
Inspection / Evaluation
-
Open Recommendations
10
Conduct the agency’s annual breach response plan exercise for FY 2021.
9
Update agency strategic planning documents to include clear milestones for implementing strong authentication, the Federal ICAM architecture and OMB M-19-17, and phase 2 of DHS's Continuous Diagnostics and Mitigation (CDM) program.
8
Continue efforts to implement data loss prevention functionality for the Microsoft Office 365 environment.
7
Implement automated mechanisms (e.g., machine-based, or user-based enforcement) to support the management of privileged accounts, including for the automatic removal/disabling of temporary, emergency, and inactive accounts, as appropriate.
4
Define a Supply Chain Risk Management strategy to drive the development and implementation of policies and procedures for: a. How supply chain risks are to be managed across the agency; b. How external providers' compliance with defined cybersecurity and supply chain requirements is monitored; c. How counterfeit components are prevented from entering the DNFSB supply chain.
3
Update the Risk Management Framework to reflect the current roles, responsibilities, policies, and procedures of the current DNFSB environment, to include: a. Defining a frequency for conducting Risk Assessments to periodically assess agency risks to integrate results of the assessment to improve upon mission and business processes.
2
Using the results of recommendation one above: a. Utilizing guidance from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-55 (Rev. 1) – Performance Measurement Guide for Information Security to establish performance metrics to manage and optimize all domains of the DNFSB information security program more effectively; b. Implement a centralized view of risk across the organization; c. Implement formal procedures for prioritizing and tracking POA&Ms to remediate vulnerabilities.
1
Update the ISA and use the updated ISA to: a. Assess enterprise, business process, and information system level risks; b. Update enterprise, business process, and information system level risk tolerance and appetite levels necessary for prioritizing and guiding risk management decisions.
12/20/2021
-
Department of Veterans Affairs
Vet Center Inspection of Pacific District 5 Zone 2 and Selected Vet Centers
Open Recommendations
6
The District Director ensures lethality risk assessments are completed on the first clinical visit and monitors compliance across all zone vet centers.
4
The District Director evaluates the process for resolution of administrative quality review deficiencies and initiates action as necessary.
12/20/2021
-
Department of Veterans Affairs
MISSION Act Market Assessments Contain Inaccurate Specialty Care Workload Data
Open Recommendations
1
The OIG recommended that the acting under secretary for health perform additional analyses to ensure materially accurate specialty care workload data are used to implement the Asset and Infrastructure Review Commission recommendations.
12/20/2021
-
Nuclear Regulatory Commission
Independent Evaluation of the NRC’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021
Inspection / Evaluation
-
Open Recommendations
18
Update and implement procedures to coordinate contingency plan testing with ICT supply chain providers.
17
Integrate metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans, such as organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization.
16
Conduct an organizational level BIA to determine contingency planning requirements and priorities, including for mission essential functions/high value assets, and update contingency planning policies and procedures accordingly.
14
Implement the technical capability to restrict NRC network access for employees who do not complete annual security awareness training and, if applicable, their assigned role-based security training.
13
Implement the technical capability to restrict access or not allow access to the NRC’s systems until new NRC employees and contractors have completed security awareness training and role-based training as applicable, or implement the technical capability to capture NRC employees’ and contractors’ initial login date so that the required cybersecurity awareness and role-based training can be accurately tracked and managed by the current process in place.
11
Update user system access control procedures to include the requirement for individuals to complete non-disclosure and rules of behavior agreements prior to the individual being granted access to NRC systems and information.
8
Develop and implement role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components.
7
Implement processes for continuous monitoring and scanning of counterfeit components to include configuration control over system components awaiting service or repair and serviced or repaired components awaiting return to service.
6
Document and implement policies and procedures for prioritizing externally provided systems and services or a risk-based process for evaluating cyber supply chain risks associated with third party providers.