Submitting OIG:
Report Description:
Our objective was to identify the remaining Department Active Directories, which have not been reviewed by the Office of Inspector General (OIG), and summarize past OIG work related to the management of Active Directories. We found that a lack of adequate Active Directory security reviews caused similar issues across multiple Department bureaus and that the Department does not have a policy for regular Active Directory security reviews. Without effective security reviews, deficiencies will likely continue to exist within the Department, providing threat actors with additional potential attack paths to undermine the sensitive data and applications that are supported by Active Directories.
Date Issued:
Wednesday, March 8, 2023
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-23-013-A
Component, if applicable:
Office of the Secretary
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
1
View Document:
Attachment | Size |
---|---|
![]() | 676.79 KB |
Additional Details Link: