Submitting OIG:
Report Description:
For our final report on the audit of the U.S. Census Bureau's (the Bureau's) incident response process, our audit objective was to assess the adequacy of the Bureau's process to respond to cybersecurity incidents according to federal and U.S. Department of Commerce requirements. We found the following: I. the Bureau missed opportunities to mitigate a critical vulnerability, which resulted in the exploitation of vital servers; II. the Bureau did not discover and report the incident in a timely manner; III. the Bureau did not maintain sufficient system logs, which hindered incident investigation; IV. the Bureau did not conduct a lessons-learned session; and V. the Bureau continued operating servers that were no longer supported by the vendor.
Short / Alternative Report Title:
The U.S. Census Bureau's Mishandling of a Cybersecurity Incident Demonstrated Opportunities for Improvement
Date Issued:
Monday, August 16, 2021
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-21-034-A
Component, if applicable:
U.S. Census Bureau
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
5
View Document:
Attachment | Size |
---|---|
OIG-21-034-Redacted.pdf | 3.64 MB |
Additional Details Link: