Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation

Missing Security Controls Put the Department's Cloud-Based High Value Assets at Risk

Submitting OIG: 
Department of Commerce OIG
Report Description: 
For our final report on our audit of the U.S. Department of Commerce’s (the Department’s) security controls for cloud-based high value assets (HVAs), our objective was to verify that the Department implemented security controls for cloud-based HVAs in accordance with federal requirements. We found that the Department does not incorporate all customer responsibility controls for its cloud-based HVAs into system security plans.
Short / Alternative Report Title: 
Missing Security Controls Put the Department's Cloud-Based High Value Assets at Risk
Date Issued: 
Wednesday, September 14, 2022
Agency Reviewed / Investigated: 
Department of Commerce
Submitting OIG-Specific Report Number: 
OIG-22-031-A
Component, if applicable: 
Office of the Secretary
Location(s): 
Agency-Wide
Type of Report: 
Audit
Questioned Costs: 
$0
Funds for Better Use: 
$0
Number of Recommendations: 
1
View Document: 
AttachmentSize
PDF icon OIG-22-031.pdf1.49 MB
Additional Details Link: 
https://www.oig.doc.gov/Pages/Missing-Security-Controls-Put-the-Departments-Clou…

Related Open Recommendations

Recommendation Number Recommendation Status Significant Recommendation Additional Details
2 Open Yes
We recommend that the Deputy Secretary of Commerce direct the Department's Chief Information Officer to revise Department policy to verify all cloud-based HVA SSPs comply with the revised policy.
Displaying 1 of 1 Recommendations