Evaluation of DHS’ Information Security Program for Fiscal Year 2021

Date Issued

Monday, August 1, 2022

Submitting OIG

Department of Homeland Security OIG

Other Participating OIGs

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Report Number

OIG-22-55

Report Description

DHS’ information security program for FY 2021 was rated “not effective,” according to this year’s reporting instructions.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Enforce requirements for components to obtain authority to operate, resolve critical and high-risk vulnerabilities, and apply sufficient resources to mitigate security weaknesses.
3	No	$0	$0
Revise DHS 4300A Policy, Handbook, and Ongoing Authorization methodology to incorporate applicable changes from NIST SpecialPublications, including SP 800-37, Revision 2, SP 800-53 Revision 5, and SP 800-137A to maintain consistency between the documents.