Federal Reports

Why We Did This Report

The U.S. Environmental Protection Agency Office of Inspector General initiated this project to summarize findings from prior EPA OIG reports on the EPA’s management of the Infrastructure Investment and Jobs Act funding for the 2022 Clean School Bus Rebates Program that could help inform the Agency’s decision-making when funding future programs.
 

Summary of Findings

We reviewed five previously issued EPA OIG reports related to the EPA’s 2022 Clean School Bus Rebates Program. From those, we identified two main issues with the program: the application and selection process and the management of funds. We also analyzed the 11 recommendations that we made to the EPA to address the deficiencies identified in those five prior reports. The Agency has completed or is in the process of implementing corrective actions for all 11 prior recommendations.

As required by the Inspector General Act of 1978 (as amended), this Semiannual Report summarizes the activities of the Office of Inspector General for the preceding 6-month period.

Our Objective(s) 

To assess whether FAA (1) has selected and implemented the required high-impact baseline security controls for its high-impact systems and (2) is mitigating potential vulnerabilities for its high-impact systems. 

Why This Audit 

FAA relies on critical information systems to meet its mission of safely and efficiently managing air travel in the United States. In August 2021, we reported that FAA had re-categorized 45 information systems as high-impact systems. Further, we found FAA was not holding its high-impact system owners responsible for remediating high-security baseline control weaknesses. Given our previous findings, and the potential risks to the National Airspace System (NAS) if high-impact baseline security controls are not fully implemented, we self-initiated this audit. 

What We Found 

FAA has begun selecting and implementing required security controls for its high-impact systems supporting the NAS, but gaps remain. 

• FAA has made progress but has not selected all required high baseline security controls for its systems that support the NAS. We found 15 of the 45 high-impact systems we reviewed had security controls selected under the outdated NIST SP 800-53 Revision 4 (Rev 4) standards, rather than the current Revision 5 (Rev 5) standards. 
• FAA has not fully implemented required security controls for systems that support the NAS. According to system documentation we reviewed, FAA had not fully implemented 1,836 (11.3 percent) of the 16,245 required controls for the 45 systems. 
• Some high-impact systems continue to have missing baseline security controls, according to their system documentation. 
• According to FAA, these gaps exist in part because of technical and other challenges with FAA's systems. Until these gaps are filled, these systems may be vulnerable to cyberattacks that could cause severe or catastrophic effects on the NAS. 

FAA does not fully track and mitigate all potential vulnerabilities for its high-impact systems in DOT's system of record. 

• FAA is not tracking and mitigating vulnerabilities within DOT's system of record, as required. As a result, FAA is not being fully transparent with the Department in identifying its vulnerabilities. 
• FAA has not ensured its security system documentation is fully updated with the status of all vulnerabilities. 

Recommendations 

We made 4 recommendations to mitigate the risks associated with not selecting and implementing all required high-baseline security controls and/or not fully mitigating potential vulnerabilities for FAA's 45 high-impact systems supporting the NAS. 

Note: The Department has determined that this report contains sensitive security information (SSI) that is controlled under 49 C.F.R. parts 15 and 1520. No part of this report may be disclosed to persons without a "need to know," as defined in 49 C.F.R. parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 C.F.R. parts 15 and 1520. Relevant portions of this public version of the report have been redacted.

In 2023, the Smithsonian Institution (Smithsonian) began a multi-year project to revitalize the Hirshhorn Museum Sculpture Garden. Smithsonian awarded a firm-fixed-price contract to address waterproofing, concrete decay and stormwater management problems, among other issues, for the Sculpture Garden. 

The Office of the Inspector General contracted with Sikich CPA LLC to determine whether the Smithsonian approved the contractor’s applications for payment in accordance with the terms and conditions of the contract.

The VA Office of Inspector General (OIG) Vet Center Inspection Program provides a focused evaluation of aspects of the quality of care delivered at vet centers. This inspection report evaluated three randomly selected vet centers throughout North Atlantic district 1 zone 2: Buffalo, Nassau, and Syracuse, New York.

This OIG inspection focused on four review areas: suicide prevention; consultation, supervision, and training; outreach; and environment of care. The suicide prevention review evaluated vet center staff participation on supporting VA medical facility mental health executive councils and documentation of contacts and outcomes in the high risk suicide flag SharePoint site, which resulted in one recommendation for the Buffalo Vet Center. The consultation, supervision, and training review evaluated external clinical consultation, monthly client record reviews, and completion of select trainings. This resulted in two recommendations related to external clinical consultation and training across all three vet centers inspected. The outreach review evaluated outreach plan completion, inclusion of strategic components, and tailoring of outreach activities to eligible individuals, which resulted in one recommendation for the Buffalo and Nassau Vet Centers. The environment of care review evaluated vet centers’ physical environment and general safety, resulting in five recommendations for the Syracuse Vet Center and one recommendation for the Nassau Vet Center. In addition, the OIG made one recommendation to the Buffalo Vet Center specific to discrepancies in the vet center address on VA and public-facing websites.

The Chief Readjustment Counseling Officer and District Director concurred with the OIG’s 10 recommendations. District leaders reviewed requirements and developed plans for participation in VA mental health executive council, external clinical consultation, outreach plans, and emergency and crisis plans with vet center directors. Further, district leaders developed processes to ensure staff complete training, fire extinguishers and automated external defibrillators are serviced as required, and to update public-facing websites.

The VA Office of Inspector General (OIG) Vet Center Inspection Program provides a focused evaluation of aspects of the quality of care delivered at vet centers. This inspection report evaluated three randomly selected vet centers throughout North Atlantic district 1 zone 3: Dubois, Lancaster, and White Oak, Pennsylvania.

This OIG inspection focused on four review areas: suicide prevention; consultation, supervision, and training; outreach; and environment of care. The suicide prevention review evaluated vet center staff participation on supporting VA medical facility mental health executive councils and documentation of contacts and outcomes in the high risk suicide flag SharePoint site, which resulted in no recommendations for the three vet centers inspected. The consultation, supervision, and training review evaluated external clinical consultation, monthly client record reviews, and completion of select trainings. This resulted in two recommendations related to external clinical consultation and training for the Lancaster and White Oak Vet Centers. The outreach review evaluated outreach plan completion, inclusion of strategic components, and tailoring of outreach activities to eligible individuals, which resulted in one recommendation across all three vet centers inspected. The environment of care review evaluated vet centers’ physical environment and general safety, resulting in no recommendations for the three vet centers inspected.

The Chief Readjustment Counseling Officer and District Director concurred with the OIG’s three recommendations. District leaders reviewed requirements and developed processes to ensure compliance with external clinical consultation and outreach plans with vet center directors. Further, district leaders ensured staff are compliant with required trainings.