The Department Needs to Improve Its Capability to Effectively Share Cyber Threat Information

Submitting OIG:

Report Description:

This report provides the results of our audit to assess the Department of Commerce’s (the Department’s) cybersecurity information sharing program, consistent with the Cybersecurity Information Sharing Act of 2015 (CISA). Our audit objective was to determine the capabilities and practices of the Department to carry out cybersecurity information sharing.

Short / Alternative Report Title:

FY 2019 Cybersecurity Information Sharing Act Audit

Date Issued:

Monday, September 30, 2019

Agency Reviewed / Investigated:

Department of Commerce

Submitting OIG-Specific Report Number:

OIG-19-026-A

Component, if applicable:

Office of the Secretary

Location(s):

Agency-Wide

Type of Report:

Audit

Number of Recommendations:

View Document:

Attachment	Size
OIG-19-026-A.pdf	329.65 KB

Related Open Recommendations

Recommendation Number	Recommendation Status	Significant Recommendation
1	Open	No
We recommend that the Chief Information Officer finalize CTIP licensing and interconnection agreements and utilize the CTIP Application Programming Interface to automate Department bureaus’ ingestion of cyber threat information.
2	Open	No
We recommend that the Chief Information Officer ensure that all Department bureaus have access to CTIP.

Recommendation Number

Recommendation Status

Significant Recommendation

Additional Details

Open

We recommend that the Chief Information Officer finalize CTIP licensing and interconnection agreements and utilize the CTIP Application Programming Interface to automate Department bureaus’ ingestion of cyber threat information.

Open

We recommend that the Chief Information Officer ensure that all Department bureaus have access to CTIP.

Search form

The Department Needs to Improve Its Capability to Effectively Share Cyber Threat Information

Related Open Recommendations