Report File
Date Issued
Submitting OIG
Office of Personnel Management OIG
Other Participating OIGs
Office of Personnel Management OIG
Agencies Reviewed/Investigated
Office of Personnel Management
Components
Other
Report Number
2022-IAG-003
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
0
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 11 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

Review and update system documentation (System Security Plans and Authority to Operate Packages) and appropriately document results of Risk Assessments and Information System Continuous Monitoring in accordance with agency policies and procedures.

7 No $0 $0

Perform a comprehensive periodic review of the appropriateness of personnel with access to systems.

6 No $0 $0

Ensure policies and procedures governing the provisioning and de-provisioning of access to information systems are followed in a timely manner and documentation of completion of these processes is maintained.

9 No $0 $0

Establish a means of documenting all users who have access to systems, and all users who had their systems access revoked.

11 No $0 $0

Prepare audit logging and monitoring procedures for databases within application boundaries. Review audit logs on a pre-defined periodic basis for violations or suspicious activity and identify individuals responsible for follow up or elevation of issues to the appropriate team members for review. The review of audit logs should be documented for record retention purposes.

5 No $0 $0

Establish a means of documenting a list of users with significant information system responsibilities to ensure the listing is complete and accurate and the appropriate training is completed.

8 No $0 $0

Implement two-factor authentication for applications.

10 No $0 $0

Document access rights to systems to include roles, role descriptions, privileges or activities associated with each role and role or activity assignments that may cause a segregation of duties conflict.

12 No $0 $0

Establish a mechanism to systematically track all configuration items that are migrated to production in order to produce a complete and accurate listing of all configuration items. Further, develop, document, implement, and enforce requirements and processes to periodically validate that all configuration items migrated to production are authorized and valid.

14 No $0 $0

Enforce existing policy developed by OPM, vendors or federal agencies requiring mandatory security configuration settings, implement a process to periodically validate the settings are appropriate and ensure that proper baselines are scanned.

15 No $0 $0

Develop interface / data transmission design documentation that specifies definition of responsibilities, as well as on-going system balancing requirements.

Office of Personnel Management OIG

United States