Inspector General Open Recommendations
01/19/2016 - Department of Energy Audit Coverage of Cost Allowability for Brookhaven Science Associates LLC During Fiscal Years 2012 and 2013 Under Department of Energy Contract No. DE-AC02-98CH10886 Other - Open Recommendations
01/16/2016 - National Archives and Records Administration CliftonLarsonAllen, LLP Audit of NARA’s Compliance with FISMA, As Amended Audit - Open Recommendations
We recommend that NARA develop and implement formalized procedures to ensure for those systems utilized by NARA and managed by Cloud Service Providers, controls for which NARA has a shared responsibility should be reviewed on an annual basis, documented and assessed as to the impact to NARA of any risks that may be present.
We recommend that NARA complete the development, approval and deployment of baseline configurations which are currently in progress and ensure that systems are configured in accordance with best practices (including NIST-approved baselines), to include, but not limited to, always changing default credentials at the time of implementation.
We recommend that for future agreements, NARA should: Require that providers of external information system services comply with NARA information security requirements. Define and document government oversight and user roles and responsibilities with regard to external information systems, and Establish a process to monitor security control compliance by external service providers on an ongoing basis.
We recommend that NARA implement the following corrective actions: Complete efforts to implement the Net IQ Sentinel product. Develop and implement processes and procedures to monitor and at least weekly review user activity and audit logs (in accordance with NARA IT Security Requirements), on the network, RRS, B&A, ENOS-HMS and DCU systems that may indicate potential security violations. Ensure the procurement of new IT system hardware and software, which provides user authentication, includes a minimum set of audit logging controls and functionality in accordance with NARA’s IT Security Requirements, AU-2.
01/15/2016 - Department of Transportation FAA Reforms Have Not Achieved Expected Cost, Efficiency, and Modernization Outcomes Open Recommendations
Review and identify Federal and industry best practices and guidance from OMB and the Federal CIO that may be incorporated into AMS for acquiring major capital investments and IT systems, including the use of successive contracts that are separately priced and the use of modular concepts when planning and purchasing IT, and determine which are appropriate for incorporation into AMS.
01/15/2016 - Department of Energy Management Letter on the Audit of the Department of Energy’s Consolidated Financial Statements for Fiscal Year 2015 Audit - Open Recommendations
01/14/2016 - U.S. Postal Service Access Controls over Mail Imaging Systems Audit - Open Recommendations
01/08/2016 - Department of Justice Report on Activities Under Section 702 of the FISA Amendments Act of 2008, September 2012 (January 8, 2016 version) Review - Open Recommendations
01/08/2016 - Department of Energy Bonneville Power Administration’s Real Property Services Audit - Open Recommendations
01/07/2016 - Department of Housing and Urban Development Niagara Falls CDBG Activities Audit - Open Recommendations
We recommend that the Director of the HUD's Buffalo Office of Community Planning and Development instruct City officials to provide documentation to adequately support that $70,538 disbursed and $150,000 obligated were for eligible costs. Any costs determined to be ineligible should be reimbursed from non-Federal funds.