Skip to main content
Date Issued
Submitting OIG
Department of Homeland Security OIG
Other Participating OIGs
Department of Homeland Security OIG
Agencies Reviewed/Investigated
Department of Homeland Security
Components
United States Immigration and Customs Enforcement (ICE)
Report Number
OIG-24-01
Report Description

During our ongoing audit to determine the extent to which U.S. Immigration and Customs Enforcement (ICE) manages and secures its mobile devices, we identified thousands of mobile applications installed by ICE employees, contractors, and other DHS agency 1 employees on ICEmanaged mobile devices. These included applications from companies banned from U.S. Government information systems, applications associated with and , third-party file sharing applications, third-party virtual private networks (VPN), and outdated messaging applications.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
6
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 6 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

We recommend ICE’s Chief Information Officer require the immediate removal of applications that are prohibited by DHS policy, as well as risky and unneeded applications.

2 No $0 $0

We recommend ICE’s Chief Information Officer immediately assess whether and to what extent risky applications resulted in breaches of sensitive information.

3 No $0 $0

We recommend ICE’s Chief Information Officer immediately implement a process to assess and reduce risks of user-installed applications on ICE-managed devices.

4 No $0 $0

We recommend ICE’s Chief Information Officer develop and implement a process to ensure all third-party messenger applications allowed to be used for official duties are up to date with the latest security updates.

5 No $0 $0

We recommend ICE’s Chief Information Officer update ICE’s mobile device use policy to align with current DHS requirements and industry best practices.

6 No $0 $0

We recommend the DHS Chief Information Security Officer determine whether similar issues exist for other DHS agencies and take immediate appropriate actions as appropriate.

Department of Homeland Security OIG

United States