Report File
Date Issued
Submitting OIG: Department of Labor OIG
Agencies Reviewed/Investigated: Department of Labor
Report Number: 23-25-002-07-725
Report Type: Audit
Agency Wide: Yes
Number of Recommendations: 7
Questioned Costs: $0
Funds for Better Use: $0
Report updated under NDAA 5274: No

Open Recommendations

This report has 7 open recommendations.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details |
| --- | --- | --- | --- | --- |
| 001 | Yes | $0 | $0 | We recommended the CIO: Develop and implement an unambiguous standard operating procedure, utilizing Federal Risk and Authorization Management Program guidance and leading practices, to monitor cloud service providers and escalate non-compliance effectively to the agency Authorizing Official, including defined risk management deficiency triggers. |
| 002 | Yes | $0 | $0 | We recommended the CIO: Develop and implement a validation of the provisioned exemptions to ensure all provisioned exemptions are provisioned appropriately. |
| 003 | Yes | $0 | $0 | We recommended the CIO: Complete in-progress efforts to modernize impacted systems and subsequently enable multi-factor authentication. |
| 004 | Yes | $0 | $0 | We recommended the CIO: Enhance the validation process for the quarterly Chief Information Officer FISMA Metrics to ensure all metrics are reported accurately and are in accordance with applicable guidance and standards. |
| 005 | Yes | $0 | $0 | We recommended the CIO: Assign appropriate resources to perform the audit log reviews as required by the system security plan. |
| 006 | Yes | $0 | $0 | We recommended the CIO: Develop, implement, and track privacy-focused, role-based training for employees and contractors with significant privacy responsibilities. |
| 007 | Yes | $0 | $0 | We recommended the CIO: Develop and implement validation controls to ensure users are properly onboarded to LearningLink and assigned required trainings. |
