Skip to main content
Report File
Date Issued
Submitting OIG
Office of Personnel Management OIG
Other Participating OIGs
Office of Personnel Management OIG
Agencies Reviewed/Investigated
Office of Personnel Management
Components
Other
Report Number
4A-CF-00-15-027
Report Type
Audit
Agency Wide
Yes

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

KPMG recommends that the OCIO fully implement the current authoritative guidance regarding two-factor authentication.

2 No $0 $0

KPMG recommends that the OCIO document and map access rights in OPM systems to personnel roles and functions, following the principle of 'least privilege'.

3 No $0 $0

KPMG recommends that the OCIO enhance OPM’s information security control monitoring program to detect information security control weaknesses by: • Implementing and monitoring procedures to ensure system access is appropriately granted to new users, consistent with the OPM access approval process; and Monitoring the process for the identification and removal of separated users to ensure that user access is removed timely upon separation; implementing procedures to ensure that user access, including user accounts and associated roles, are reviewed on a periodic basis consistent with the nature and risk of the system, and modifying any necessary accounts identified.

Office of Personnel Management OIG

United States