Submitting OIG:
Report Description:
For our final report on our audit of the U.S. Department of Commerce’s (the Department’s) security controls for cloud-based high value assets (HVAs), our objective was to verify that the Department implemented security controls for cloud-based HVAs in accordance with federal requirements. We found that the Department does not incorporate all customer responsibility controls for its cloud-based HVAs into system security plans.
Short / Alternative Report Title:
Missing Security Controls Put the Department's Cloud-Based High Value Assets at Risk
Date Issued:
Wednesday, September 14, 2022
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-22-031-A
Component, if applicable:
Office of the Secretary
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
1
View Document:
Attachment | Size |
---|---|
OIG-22-031.pdf | 1.49 MB |
Additional Details Link: