Federal Reports

The U.S. Department of Housing and Urban Development (HUD), Office of Inspector General (OIG), assisted HUD’s Office of Program Enforcement in a civil investigation of Pacific Horizon Bancorp, Inc., and two former loan officers at Pacific Horizon. Pacific Horizon has its principal place of business in La Crescenta, CA.Based on OIG’s civil investigation, on April 2, 2019, HUD notified Pacific Horizon and the two loan officers that it believed they were liable under the Program Fraud Civil Remedies Act of 1986 for violating HUD requirements in connection with four FHA-insured loans for Pacific Horizon and two FHA-insured loans for the loan officers. To avoid the time and expense of further administrative proceedings and to reach a satisfactory resolution of the matter, all of the involved parties entered into settlement agreements. The agreements did not constitute an admission of liability or fault on the part of any party. On July 1, 2019, Pacific Horizon entered into an agreement to pay $325,000 plus accrued interest to HUD. On July 11, 2019, the two loan officers entered into an agreement and collectively agreed to pay a total amount of $15,000 to HUD.

This report presents the OIG’s assessment of GAO’s compliance with Federal Information Security Modernization Act of 2014 (FISMA) requirements.FISMA requires federal agencies to develop, document, and implement an agency-wide information security program for the information and systems that support their operations and assets, including those provided or managed by another agency or contractor. Although GAO, as a legislative branch agency, is not subject to FISMA, its management has chosen to use FISMA as a set of best practices for its information security program. While GAO has defined an information security program that is generally aligned with FISMA the OIG identified several opportunities for GAO to improve the implementation of its information security program and to ensure alignment with federal best practices.The OIG identified opportunities for GAO to strengthen its risk management program. Specifically, GAO needs to better document a key element of its risk management program, complete impact assessments for all systems, and update it procedures to ensure that standard contract language aligns with NIST guidelines as appropriate.In addition to improvements in risk management, there are also opportunities for GAO to better protect its systems. Information system vulnerabilities, especially those designated as high and critical, need to be remediated in a timely manner. Further, baseline configurations, which help ensure consistent secure deployment of hardware and software, had not been documented for all existing environments.GAO also has opportunities to improve its disaster recovery program. Contingency plan testing did not occur in fiscal year 2018 and one high-impact system did not have a contingency plan defined. Finally, GAO did not complete a business impact analysis which helps to inform contingency planning decisions.The OIG made eight recommendation to strengthen GAO's information security program and practices.

U.S. Customs and Border Protection’s (CBP) Office of Field Operations (OFO) has spent nearly $25.6 million on 279 small scale chemical screening devices that do not identify fentanyl and other illicit narcotics at lower purity levels (10 percent or less). We also found CBP OFO does not have adequate policies for deploying, using, and updating the chemical screening devices. We made four recommendations that will help OFO officers better identify fentanyl and other illicit narcotics at ports of entry. Specifically, we recommended that OFO Executive Assistant Commissioner develop and implement a strategy to ensure all deployed devices are able to identify narcotics at purity levels less than or equal to 10 percent, or provide ports of entry with an alternative method. Further, the Executive Assistant Commissioner should develop a formal strategy to deploy, use, and keep the chemical screening devices updated. CBP concurred with all of the recommendations.