Submitting OIG:
Report Description:
For our final report on the audit of the National Oceanic and Atmospheric Administration’s (NOAA’s) management of its Active Directories, our audit objective was to determine whether NOAA has adequately managed its Active Directories to protect mission critical systems and data. To address this objective, we utilized a specialized Active Directory assessment tool and evaluated fundamental security practices, relationships, and configurations to determine whether any deficiencies existed within each Active Directory. Overall, we found that NOAA inadequately managed its Active Directories. Specifically, we found the following: I. excessive privileges could increase the risk of a successful compromise; II. inadequately managed accounts provided more opportunities for cyberattacks; and III. end-of-life operating systems were vulnerable to security exploitation.
Date Issued:
Thursday, February 3, 2022
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-22-018-A
Component, if applicable:
National Oceanic and Atmospheric Administration
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
5
View Document:
Attachment | Size |
---|---|
OIG-22-018.pdf | 2.32 MB |
Additional Details Link: