Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation

Capstone Report: Effective Reviews Are Needed to Enhance the Security Posture of the Department’s Active Directories

Submitting OIG: 
Department of Commerce OIG
Report Description: 
Our objective was to identify the remaining Department Active Directories, which have not been reviewed by the Office of Inspector General (OIG), and summarize past OIG work related to the management of Active Directories. We found that a lack of adequate Active Directory security reviews caused similar issues across multiple Department bureaus and that the Department does not have a policy for regular Active Directory security reviews. Without effective security reviews, deficiencies will likely continue to exist within the Department, providing threat actors with additional potential attack paths to undermine the sensitive data and applications that are supported by Active Directories.
Date Issued: 
Wednesday, March 8, 2023
Agency Reviewed / Investigated: 
Department of Commerce
Submitting OIG-Specific Report Number: 
OIG-23-013-A
Component, if applicable: 
Office of the Secretary
Location(s): 
Agency-Wide
Type of Report: 
Audit
Questioned Costs: 
$0
Funds for Better Use: 
$0
Number of Recommendations: 
1
View Document: 
AttachmentSize
PDF icon OIG-23-013.pdf676.79 KB
Additional Details Link: 
https://www.oig.doc.gov/Pages/Capstone-Report-Effective-Reviews-Are-Needed-to-En…

Related Open Recommendations

Recommendation Number Recommendation Status Significant Recommendation Additional Details
1 Open Yes
We recommend that the Deputy Secretary of Commerce direct the Department's Chief Information Officer to establish a Department-wide policy for periodic reviews of Active Directories to include frequency of review and use of specialized tools.
Displaying 1 of 1 Recommendations