Inspector General Open Recommendations
11/14/2016 - Office of Personnel Management Audit of the Office of Personnel Management’s Fiscal Year 2016 Consolidated Financial Statements Audit - Open Recommendations
Grant Thornton recommends that OPM review audit logs on a pre-defined periodic basis for violations or suspicious activity and identify individuals responsible for follow-up or evaluation of issues to the Security Operations Team for review. The review of audit logs should be documented for record retention purposes.
Grant Thornton recommends that OPM system owners establish a methodology to systematically track all configuration items that are migrated to production, and be able to produce a complete and accurate listing of all configuration items for both internal and external audit purposes, which will in turn support closer monitoring and management of the configuration management process.
11/10/2016 - Department of State Audit of the Department of State Vetting Process for Syrian Non-Lethal Assistance Open Recommendations
OIG recommends that the Under Secretary for Management consolidate and codify all current Syria vetting policies issued by the Department and bureaus into one detailed guidance explaining specifically how the vetting process should be carried out for Syrian awards. This consolidated guidance should be distributed to all bureaus once completed.
11/10/2016 - Department of Energy Department of Energy’s Actions to Address Worker Concerns Regarding Vapor Exposures at the Hanford Tank Farms Other - Open Recommendations
11/10/2016 - Department of Defense Application Level General Controls for the Defense Cash Accountability System Need Improvement Audit - Open Recommendations
Rec. A.1.c.1: The DoD OIG recommended that the Director of Business Enterprise Information Services and Other Systems, Defense Finance and Accounting Service, develop and implement procedures to require Information System Security Officers to comply with the certification requirements established in DoD Manual 8570.01-M, "Information Assurance Workforce Improvement Program."
11/10/2016 - Consumer Financial Protection Bureau 2016 Audit of the CFPB's Information Security Program Audit - Open Recommendations
11/09/2016 - Department of Transportation DOT Continues to Make Progress, but the Department’s Information Security Posture Is Still Not Effective Open Recommendations
Take action to work with all OAs to perform a thorough CSAM quality review to ensure system documentation matches what is entered into CSAM. At a minimum, the review should verify that: (1) system authorization dates in CSAM match what is approved by the authorizing official; (2) POAMs are created and reported once a security weakness is found; and (3) authorizing officials are provided accurate documentation on all risks accepted.