Administration of USDA's Information Technology Regulations and Policies

View Report

Date Issued

Monday, March 23, 2026

Submitting OIG

Department of Agriculture OIG

Agencies Reviewed/Investigated

Department of Agriculture

Report Number

50801-0016-12

Report Description

We determined that USDA’s IT security directives are not sufficiently relevant and effective to address recent threats, as they are not consistently updated and some are similar in content or function, resulting in potential risks to USDA’s IT security posture.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	Yes	$0	$0
Document and implement a process to identify, prioritize, track and communicate changes in cybersecurity requirements, threats, technology, and organizational mission as they occur to facilitate the review of directives at least annually to ensure emerging cybersecurity risks and potential compliance gaps are addressed timely.
2	Yes	$0	$0
Implement a process to screen for duplication and overlap across Departmental directives during the drafting, review, and revision of IT security directives.