Skip to main content
Date Issued
Submitting OIG
Department of Homeland Security OIG
Other Participating OIGs
Department of Homeland Security OIG
Agencies Reviewed/Investigated
Department of Homeland Security
Components
United States Customs and Border Protection (CBP)
Report Number
OIG-24-48
Report Description

Although U.S. Customs and Border Protection (CBP) responded to CBPOne™ application weaknesses after implementation, it did not formallyassess and mitigate the technological risks involved with expanding theapplication to allow undocumented noncitizens (noncitizens) to scheduleappointments to present themselves for processing at Southwest BorderPorts of Entry (POEs). We found that CBP did not initially consider criticalfactors such as the design of the CBP One™ Genuine Presencefunctionality, adequacy of supporting application infrastructure,sufficiency of language translations, and equity of appointmentdistribution. As a result, noncitizens initially using the new featureexperienced application crashes, received frequent error messages, facedlanguage barriers, and may not have always had an equal opportunity tosecure an appointment.

Report Type
Inspection / Evaluation
Agency Wide
Yes
Number of Recommendations
3
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

We recommend CBP’s Office of Field Operations develop and implement a formalized risk assessment process when developing, expanding, or modifying mobile applications.

2 No $0 $0

We recommend CBP’s Office of Field Operations implement a mechanism to analyze CBP One™ advanced information for trends and patterns of fraudulent behaviors by users of CBP One™ and communicate its results to the eight ports of entry that process CBP One™ appointments.

3 No $0 $0

We recommend CBP’s Office of Information Technology implement a mechanism to routinely assess CBP applications and supporting infrastructure operating systems for configuration and patch management vulnerabilities and timely implement corrective actions.

Department of Homeland Security OIG

United States