Inspector General Open Recommendations
07/08/2021 - Tennessee Valley Authority Strategic Real Estate Plan Inspection / Evaluation - Open Recommendations
ISS.3 - 2
07/08/2021 - Department of Homeland Security FEMA Initiated the Hurricane Harvey Direct Housing Assistance Agreement without Necessary Processes and Controls Disaster Recovery Report - Open Recommendations
We recommend the Associate Administrator, FEMA Office of Response and Recovery ensure its direct housing information system provides flexibility implementing alternative direct housing options; provides support to states, territories, and tribal governments administering direct housing assistance; and facilitates data exchange and sharing with non-FEMA information systems.
07/07/2021 - Department of Transportation MARAD Has Made Progress in Addressing NAPA Recommendations Related to Mission Focus, Program Alignment, and Ability To Meet Objectives Open Recommendations
07/07/2021 - Department of Veterans Affairs Unreliable Information Technology Infrastructure Cost Estimates for the Electronic Health Record Modernization Program Audit - Open Recommendations
Ensure costs for all information technology infrastructure upgrades funded by the Office of Information and Technology and the Veterans Health Administration or other sources needed to support the Electronic Health Record Modernization program are disclosed in program life-cycle cost estimates presented to Congress.
07/07/2021 - Tennessee Valley Authority Organizational Effectiveness – John Sevier Combined Cycle Plant Inspection / Evaluation - Open Recommendations
07/07/2021 - Department of Homeland Security FEMA Must Strengthen Its Responsibility Determination Process Audit - Open Recommendations
We recommend the FEMA Administrator develop and implement a consistent responsibility determination approach and quality control process to ensure FEMA contracting personnel meet FAR 9.104-1 requirements. This approach should be a baseline minimum of the steps necessary to determine contractor responsibility during disaster and non-disaster timeframes.
07/06/2021 - Smithsonian Institution Fiscal Year 2020 Independent Evaluation of the Smithsonian Institution’s Information Security Program Audit - Open Recommendations
For the information security program to be defined as effective under the FISMA maturity model, establish metrics and performance metrics to evaluate the effectiveness of configuration management, incident response, ISCM, and contingency planning policies and procedures, and processes to collect data, analyze results, and develop corrective actions.
Develop entity level procedures to ensure appropriate separation of duties and use of least privilege for privileged accounts. At a minimum, develop procedures to support the following processes: * Periodic review and adjustment of privileged user accounts and permissions, and * Inventorying and validating the scope and number of privileged accounts.
Update the IT-930-03 - Security Assessment & Authorization document to ensure that XXXXX is referenced instead of a documented system security plan to capture key system information, including but not limited to component inventories, security requirements, and security controls implementation details.