FY 2024 FISMA DOL Information Security Report: Continued Improvement of Information System Security Program

Date Issued

Tuesday, December 10, 2024

Submitting OIG

Department of Labor OIG

Agencies Reviewed/Investigated

Department of Labor

Report Number

23-25-002-07-725

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

Open Recommendations

This report has 7 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
001	Yes	$0	$0
We recommended the CIO: Develop and implement an unambiguous standard operating procedure, utilizing Federal Risk and Authorization Management Program guidance and leading practices, to monitor cloud service providers and escalate non-compliance effectively to the agency Authorizing Official, including defined risk management deficiency triggers.
002	Yes	$0	$0
We recommended the CIO: Develop and implement a validation of the provisioned exemptions to ensure all provisioned exemptions are provisioned appropriately.
003	Yes	$0	$0
We recommended the CIO: Complete in progress efforts to modernize impacted systems and subsequently enable multi-factor authentication.
004	Yes	$0	$0
We recommended the CIO: Enhance the validation process for the quarterly Chief Information Officer FISMA Metrics to ensure all metrics are reported accurately and are in accordance with applicable guidance and standards.
005	Yes	$0	$0
We recommended the CIO: Assign appropriate resources to perform the audit log reviews as required by the system security plan.
006	Yes	$0	$0
We recommended the CIO: Develop, implement, and track privacy-focused, role-based training for employees and contractors with significant privacy responsibilities.
007	Yes	$0	$0
We recommended the CIO: Develop and implement validation controls to ensure users are properly onboarded to LearningLink and assigned required trainings.