Skip to main content

Open Recommendations

This report has 40 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
D-2025-0053-D000CU-0001-0001.a No $0 $0

(U) Rec 1.a: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief update inventory records for all classified mobile devices to include information for the six elements required in an accountable property system of record

D-2025-0053-D000CU-0001-0001.b No $0 $0

(U) Rec 1.b: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0001.c No $0 $0

(U) Rec 1.c: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0001.d No $0 $0

(U) Rec 1.d: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief immediately revalidate and document the user justification for the devices and recall the device if the user no longer has a valid mission need, revise existing access policies to require detailed written justifications for obtaining classified mobile devices, and establish processes to periodically, at least annually, revalidate the need for continued access to the devices.

D-2025-0053-D000CU-0001-0001.e No $0 $0

(U) Rec 1.e: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief take immediate action to

D-2025-0053-D000CU-0001-0001.f No $0 $0

(U) Rec 1.f: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0001.g No $0 $0

(U) Rec 1.g: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief revise existing or develop new classified mobile device training programs that include information on all 23 Office of the Secretary of Defense memorandum requirements.

D-2025-0053-D000CU-0001-0001.h No $0 $0

(U) Rec 1.h: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief provide all existing classified mobile device users with the updated training that includes all 23 Office of the Secretary of Defense memorandum requirements

D-2025-0053-D000CU-0001-0001.i No $0 $0

(U) Rec 1.i: The DoD OIG recommended that the U.S. European Command Chief Information Office Division Chief update the classified mobile device user agreement to include all Committee on National Security Systems Directive No. 520 requirements and ensure that all users have acknowledged the updated user agreement.

D-2025-0053-D000CU-0001-0001.j No $0 $0

(U) Rec 1.j: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0001.k No $0 $0

(U) Rec 1.k: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.a No $0 $0

(U) Rec 2.a: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer update inventory records for all classified mobile devices to include information for the six elements required in an accountable property system of record as required by CNSSD No. 520 and DoD Instruction 5000.64.

D-2025-0053-D000CU-0001-0002.b No $0 $0

(U) Rec 2.b: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer update the Commercial Solution for Classified Implementation Guidance to define the frequency for conducting inventories and reporting results to U.S. Special Operations Command Headquarters; immediately conduct an inventory of all Component classified mobile devices; update their inventory records; and take appropriate action if you are unable to properly reconcile a classified mobile device.

D-2025-0053-D000CU-0001-0002.c No $0 $0

(U) Rec 2.c: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.d No $0 $0

(U) Rec 2.d: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.e No $0 $0

(U) Rec 2.e: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer immediately revalidate and document the user justification for the devices and recall the device if the user no longer has a valid mission need, and revise existing access policies to require detailed written justifications for obtaining classified mobile devices, and establish processes to periodically, at least annually, revalidate the need for continued access to the devices.

D-2025-0053-D000CU-0001-0002.f No $0 $0

(U) Rec 2.f: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.g No $0 $0

(U) Rec 2.g: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.h No $0 $0

(U) Rec 2.h: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer revise existing or develop new classified mobile device training programs that include information on all 23 Office of the Secretary of Defense memorandum requirements.

D-2025-0053-D000CU-0001-0002.i No $0 $0

(U) Rec 2.i: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer provide all existing classified mobile device users with the updated training that includes all 23 Office of the Secretary of Defense memorandum requirements.

D-2025-0053-D000CU-0001-0002.j No $0 $0

(U) Rec 2.j: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer update the classified mobile device user agreement to include all Committee on National Security Systems Directive No. 520 and National Security Agency requirements and ensure that all users have acknowledged the updated user agreement.

D-2025-0053-D000CU-0001-0002.k No $0 $0

(U) Rec 2.k: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer 4develop and implement procedures for retaining signed classified mobile device user agreements.

D-2025-0053-D000CU-0001-0002.l No $0 $0

(U) Rec 2.l: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.m No $0 $0

(U) Rec 2.m: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0002.n No $0 $0

(U) Rec 2.n: The DoD OIG recommended that the U.S. Special Operations Command Director for Command, Control, Communications and Computer/Cyber, Chief Information Officer Implement a cyber incident response plan and controls to ensure \that the plan is reviewed and approved annually.

D-2025-0053-D000CU-0001-0003.a No $0 $0

(U) Rec 3.a: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate update inventory records for all classified mobile devices to include information for the six elements required in an accountable property system of record.

D-2025-0053-D000CU-0001-0003.b No $0 $0

(U) Rec 3.b: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate develop and implement a process to ensure inventories are conducted periodically and records are updated in a timely manner; immediately reconcile all issued and on-site classified mobile devices; update inventory records; and take appropriate action if you are unable to properly reconcile a classified mobile device.

D-2025-0053-D000CU-0001-0003.c No $0 $0

(U) Rec 3.c: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0003.d No $0 $0

(U) Rec 3.d: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0003.e No $0 $0

(U) Rec 3.e: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate immediately revalidate and document the user justification for the devices and recall the device if the user no longer has a valid mission need, revise existing access policies to require detailed written justifications for obtaining classified mobile devices, and establish processes to periodically, at least annually, revalidate the need for continued access to the devices.

D-2025-0053-D000CU-0001-0003.f No $0 $0

(U) Rec 3.f: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0003.g No $0 $0

(U) Rec 3.g: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0003.h No $0 $0

(U) Rec 3.h: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate revise existing or develop new classified mobile device training programs that include information on all 23 Office of the Secretary of Defense memorandum requirements.

D-2025-0053-D000CU-0001-0003.i No $0 $0

(U) Rec 3.i: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate provide all existing classified mobile device users with the updated training that includes all 23 Office of the Secretary of Defense memorandum requirements.

D-2025-0053-D000CU-0001-0003.j No $0 $0

(U) Rec 3.j: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate establish a mechanism to track the status of all classified mobile device user agreements and ensure that all users have acknowledged the most recent version of the user agreement.

D-2025-0053-D000CU-0001-0003.k No $0 $0

(U) Rec 3.k: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate develop and implement procedures for retaining signed classified mobile device user agreements.

D-2025-0053-D000CU-0001-0003.l No $0 $0

(U) Rec 3.l: The DoD OIG recommended that the Director of the Defense Information Systems Agency's Joint Enterprise Services Directorate develop and implement procedures to verify that their classified mobile device users XXXXXXXXXX as required by Committee on National Security Systems Directive No. 520.

D-2025-0053-D000CU-0001-0003.m No $0 $0

(U) Rec 3.m: This recommendation is Controlled Unclassified Information

D-2025-0053-D000CU-0001-0004. No $0 $0

(U) Rec 4: The DoD OIG recommended that the DoD Chief Information Officer direct the DoD Component heads to review their classified mobile device programs for the issues identified in this report, take corrective actions as applicable, and report the results of their review and any corrective actions taken to the DoD Chief Information Officer. At a minimum, DoD Component heads should ensure that their classified mobile device programs,
a. (U) maintain complete and accurate inventory records,
b. (CUI) XXXXXXXXX,
c. (CUI) XXXXXXXXX,
d. (CUI) XXXXXXXXX,
e. (U) include all requirements in their classified mobile device training,
f. (U) include all requirements in their classified mobile device user agreements,
g. (CUI) XXXXXXXXX, and
h. (U) annually review and approve incident response plans

D-2025-0053-D000CU-0001-0005. No $0 $0

(U) Rec 5: This recommendation is Controlled Unclassified Information

Department of Defense OIG

United States