We rated the Department of Homeland Security’s information security program for FY 2023 as “effective,” according to this year’s reporting instructions. We based this rating on our evaluation of the Department’s compliance with requirements of the Federal Information Security Modernization Act of 2014 for unclassified and national security systems. As recommended by this year’s reporting instructions, we used a calculated average approach when determining the effectiveness of the domain, function, and overall program. DHS received a maturity rating of “Level 4 – Managed and Measurable” in the Identify, Protect, Detect, Respond, and Recover functions based on this year’s reporting guidance.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | No | $0 | $0 | We recommend the DHS Chief Information Officer strengthen its oversight to ensure components adhere to DHS’ policies to remediate all known information security weaknesses in a timely manner and obtain the Authority to Operate for their systems.
2 | No | $0 | $0 | We recommend the DHS Chief Information Officer resolve any conflicting guidance on prioritizing information security weaknesses by reviewing all Department policies and procedures to determine whether revision is needed and to ensure DHS’ policies and procedures are clearly defined and consistent with applicable OMB requirements.