During our ongoing audit of the Department of Homeland Security’s learning management system (DHSLearning), we identified a significant risk to the operations, assets, and individuals at the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Law Enforcement Training Centers (FLETC). We are issuing this management alert to advise CISA and FLETC to take immediate action to mitigate risks associated with using a high-risk contractor (Contractor A) to supply their learning management systems. A DHS internal investigation identified Contractor A as having poor cybersecurity practices. By not taking action to mitigate the control deficiencies, CISA and FLETC may be putting sensitive personally identifiable information (PII) and sensitive law enforcement training information stored and processed by CISA and FLETC’s learning management systems at risk of compromise.
Date Issued
Submitting OIG
Department of Homeland Security OIG
Other Participating OIGs
Department of Homeland Security OIG
Agencies Reviewed/Investigated
Department of Homeland Security
Components
Federal Law Enforcement Training Center (FLETC)
Report Number
OIG--24-40
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
2
Questioned Costs
$0
Funds for Better Use
$0
Open Recommendations
This report has 2 open recommendations.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | No | $0 | $0 | ||
| We recommend the CISA Chief Information Officer immediately mitigate the control deficiencies or cease operation of the Federal Virtual Training Environment system. | |||||
| 2 | No | $0 | $0 | ||
| We recommend the FLETC Chief Information Officer immediately mitigate the control deficiencies or cease operation of the eFLETC system. | |||||
