Skip to main content
Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation
Advanced Search
Search form
Search
Reports
OIG Reports
State/Local Homepage
State and Local Reports
Recommendations
Investigations
Investigative Press Releases
Disaster Oversight
IG Vacancies
About
Inspector General Open Recommendations
05/14/2024
-
Department of Veterans Affairs
Federal Information Security Modernization Act Audit for Fiscal Year 2023
[Report Details]
Audit
-
Open Recommendations
18
We recommended the Assistant Secretary for Information and Technology implement improved procedures to ensure that system outages and disruptions are tracked to specific system boundaries and that interdependent systems are considered for the purposes of tracking and measuring against stated system recovery time objectives.
17
We recommended the Assistant Secretary for Information and Technology implement improved procedures to enforce standardized system development and change control processes that integrates information security throughout the life cycle of each system.
16
We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments.
15
We recommended the Assistant Secretary for Information and Technology enhance procedures for tracking security responsibilities for networks, devices, and components not managed by the Office of Information and Technology to ensure vulnerabilities are remediated in a timely manner.
14
We recommended the Assistant Secretary for Information and Technology implement improved controls that restrict vulnerable medical devices from unnecessary access to the general network.
13
We recommended the Assistant Secretary for Information and Technology maintain a complete and accurate security baseline configuration for all platforms and ensure all baselines are appropriately monitored for compliance with established VA security standards.
12
We recommended the Assistant Secretary for Information and Technology implement improved processes for tracking and resolving vulnerabilities that cannot be addressed within policy timeframes. Implement more effective patch and vulnerability management processes to mitigate identified security deficiencies and reduce applicable security risks.
11
We recommended the Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers.
10
We recommended the Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are completed for applicable VA employees and contractors.
09
We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate investigation data within VA systems used for background investigations.
08
We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise.
07
We recommended the Assistant Secretary for Information and Technology implement periodic reviews to minimize accounts and permissions in excess of required functional responsibilities, and to remove unauthorized or unnecessary accounts.
06
We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security standards on domain controls, operating systems, databases, applications, and network devices.
05
We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documentation, including control assessments on a risk-based rotation or as needed. Such updates will ensure all required information is included and accurately reflects the current environment.
04
We recommended the Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated.
03
We recommended the Assistant Secretary for Information and Technology implement controls to ensure that system stewards and responsible officials obtain appropriate documentation prior to closing Plans of Action and Milestones.
02
We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system stewards and Information System Security Officers follow procedures for establishing, tracking, and updating Plans of Action and Milestones for all known risks and weaknesses including those identified during security control assessments.
01
We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the NIST Risk Management Framework. Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions.
05/13/2024
-
Export-Import Bank
Evaluation of EXIM’s Sub-Saharan Africa Mandate
[Report Details]
Inspection / Evaluation
-
Open Recommendations
9
EXIM’s Office of Policy Analysis and International Relations should conduct an analysis of the potential impacts of lowering the mandated domestic content policy for EXIM programs targeted to sub-Saharan Africa on U.S. jobs and present its findings to EXIM’s Board of Directors.
8
The Lead Office or Officials should devise a plan to directly engage U.S. businesses that are not already engaging with EXIM’s sub-Saharan Africa programs.
Pages
« first
‹ previous
1
2
3
4
5
6
7
8
9
…
next ›
last »