Skip to main content
Report File
Date Issued
Submitting OIG
Department of Commerce OIG
Other Participating OIGs
Department of Commerce OIG
Agencies Reviewed/Investigated
Department of Commerce
Components
Office of the Secretary
Report Number
OIG-23-013-A
Report Description

Our objective was to identify the remaining Department Active Directories, which have not been reviewed by the Office of Inspector General (OIG), and summarize past OIG work related to the management of Active Directories. We found that a lack of adequate Active Directory security reviews caused similar issues across multiple Department bureaus and that the Department does not have a policy for regular Active Directory security reviews. Without effective security reviews, deficiencies will likely continue to exist within the Department, providing threat actors with additional potential attack paths to undermine the sensitive data and applications that are supported by Active Directories.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
1
Questioned Costs
$0
Funds for Better Use
$0

Department of Commerce OIG

United States