Skip to main content
Report File
Date Issued
Submitting OIG
Department of Commerce OIG
Other Participating OIGs
Department of Commerce OIG
Agencies Reviewed/Investigated
Department of Commerce
Components
Office of the Secretary
Report Number
OIG-22-017-A
Report Description

For our final report on our audit of the U.S. Department of Commerce's (the Department's) system security assessment process, our objective was to assess the effectiveness of the Department's system security assessment and continuous monitoring program to ensure security deficiencies were identified, monitored, and adequately resolved. We found the Department did not effectively execute its continuous monitoring and systemassessment process. Specifically, we found the following: I. the Department did not effectively plan for system assessments; II. the Department did not consistently conduct reliable system assessments; III. the Department did not resolve security control deficiencies within defined completion dates; and IV. the Department’s security system of record—i.e., the cyber security asset and management tool—did not provide accurate and complete assessment and plan of action & milestone data.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
8
Questioned Costs
$0
Funds for Better Use
$0

Department of Commerce OIG

United States