Skip to main content
Date Issued
Submitting OIG
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Report Number
A-18-22-03400
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
3
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
25-A-18-022.01 No $0 $0

We recommend that the Health Resources and Services Administration require the OPTN IT system contractor to remediate the 22 vulnerabilities identified and verify that the 22 vulnerabilities identified were remediated.

25-A-18-022.02 No $0 $0

We recommend that the Health Resources and Services Administration require the OPTN IT system contractor to improve network monitoring by implementing NIST SP 800-53, Revision 5, for the OPTN IT system, to include data loss prevention technology to prevent unauthorized exfiltration of information (Control SC-7(10)) and red-team exercises to simulate attempts by adversaries to compromise organizational systems (Control CA-8(2)).

25-A-18-022.03 No $0 $0

We recommend that the Health Resources and Services Administration implement procedures to help ensure that the OPTN IT system contractor maintains compliance with federally required cybersecurity controls policies and standards on a continuing basis.

Department of Health & Human Services OIG

United States