ICE Did Not Fully Implement Effective Security Controls on Selected High Value Asset Systems

Date Issued

Friday, September 20, 2024

Submitting OIG

Department of Homeland Security OIG

Other Participating OIGs

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Components

United States Immigration and Customs Enforcement (ICE)

Report Number

OIG-24-53

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 6 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend the ICE Office of the Chief Information Officer, in coordination with DHS Office of the Chief Information Officer, establish and implement cloud configuration standards for the selected High Value Asset systems in accordance with DHS configuration guidance.
2	No	$0	$0
We recommend the ICE Office of the Chief Information Officer develop and implement compliance scan guidance for the selected ICE cloud-based platform in accordance with applicable requirements.
3	No	$0	$0
We recommend the ICE Office of the Chief Information Officer ensure that the vulnerabilities identified in our assessments were remediated in a timely manner or that a Plans of Action and Milestones was created according to DHS and ICE policies.
4	No	$0	$0
We recommend the ICE Office of the Chief Information Officer develop a process to ensure scans for the selected High Value Assets are performed, reviewed, and verified according to applicable requirements.
5	No	$0	$0
We recommend the ICE Office of the Chief Information Officer update the security baseline policy with sufficient guidance to ensure the accurate review and approval of the system baseline documentation for the selected High Value Asset systems.
6	No	$0	$0
We recommend the ICE Office of the Chief Information Officer update and improve security baseline processes to ensure system baseline documentation is accurate and up to date for selected the High Value Asset systems.