Skip to main content
Report File
Date Issued
Submitting OIG
General Services Administration OIG
Other Participating OIGs
General Services Administration OIG
Agencies Reviewed/Investigated
General Services Administration
Report Number
A230020BTF24004
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
7
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 5 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 Yes $0 $0

We recommend that GSA’s Chief Financial Officer and Chief Information Officer conduct a comprehensive assessment of GSA’s CIO-IT Security-19-97, IT Security Procedural Guide: Robotic Process Automation (RPA) Security, (RPA policy) to ensure, among other things, that its monitoring controls are effectively designed and implemented.

2 Yes $0 $0

We recommend that GSA’s Chief Financial Officer and Chief Information Officer develop oversight mechanisms to enforce compliance with the RPA policy and ensure that controls are operating effectively.

4 Yes $0 $0

We recommend that GSA’s Chief Financial Officer and Chief Information Officer review all system security plans that bots currently interact with to determine if they address bot and non-person entity access. Update the system security plans, as needed.

6 Yes $0 $0

We recommend that GSA’s Chief Financial Officer and Chief Information Officer review all system security plans that bots currently interact with to determine if the security controls need to be updated. Update the system security plans, as needed.

7 Yes $0 $0

We recommend that GSA’s Chief Financial Officer and Chief Information Officer develop a comprehensive process for removing bot custodian and bot developer access for decommissioned bots and GSA systems that: aligns with GSA’s CIO-IT Security-01-07, IT Security Procedural Guide: Access Control (AC) (access control policy); tracks and documents that access has been removed; and incorporates the process into the RPA policy.

General Services Administration OIG

United States