Federal Reports

The Federal Risk and Authorization Management Program (FedRAMP) standardizes security and risk assessments for cloud technologies for federal agencies, including VA. In April 2019, the VA Office of Inspector General (OIG) received allegations that VA’s Office of Information and Technology’s (OIT’s) Project Special Forces (PSF) was not following FedRAMP policies or VA policy for deploying software-as-a-service (SaaS) applications. The OIG found that OIT granted security authorizations for applications that were not authorized by FedRAMP. Eight of the nine applications cited by the complainant were in use on the VA network—some without FedRAMP or VA authorization. Another three applications were approved to operate on VA’s network without FedRAMP authorization. The OIG did not substantiate that PSF-developed applications were improperly managed outside the VA Enterprise Cloud group. However, PSF did not follow VA security requirements in developing interfaces that allow third parties to “plug into” the VA to send and retrieve data. OIT personnel stated that there was no formal OIT authorization process until April 2019. After that date, the review team did not find instances of VA-authorized applications without FedRAMP authorization. OIT staff also misunderstood the FedRAMP authorization requirements for SaaS applications containing data classified as less sensitive.Failure to comply with FedRAMP standards increases the risk that VA and veterans’ data could be compromised. The OIG made four recommendations to the acting chief information officer (1) to determine whether to prevent use of the unauthorized SaaS applications and (2) whether the reviewed applications should be authorized or reported to the Federal Chief Information Officer. The remaining recommendations were (3) to implement alerts for interface-related abuse and (4) to either use application programming interfaces that transmit sensitive information and requirements for cross-origin resource sharing or seek exceptions to the standards. VA concurred with all recommendations.

While conducting fieldwork for our International Mail Operations and Performance Data project, we found significant operational delays of international outbound (export) packages. Operations were significantly challenged at the Postal Service’s five ISCs due to a large number of export packages identified as having insufficient AED. Postal Service data showed nearly 2.9 million pieces with missing AED between January and August 2021. We also found significant processing delays of some export packages identified with insufficient AED.

The OIG conducted a performance audit to determine whether the FTC’s contracting officer’s representative (COR) program is operating in compliance with federal requirements and FTC policies and procedures.

For our final report on the evaluation of the United States Patent and Trademark Office’s (USPTO’s) patent examination process, our objectives were to (I) assess whether patents are examined in compliance with applicable statutes, regulations, and case law; (2) identify deficiencies within the examination process impacting the quality of patents granted; and (3) identify areas for improvement within the examination process to increase its effectiveness and efficiency. We contracted with The MITRE Corporation (MITRE)—an independent firm—to perform this evaluation. Our office oversaw the progress of this evaluation to ensure that MITRE performed the evaluation in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation (December 2020) and contract terms. However, MITRE is solely responsible for the attached report and conclusions expressed in it.

HHS-OIG'S Semiannual Report to Congress describes OIG's work identifying significant risks, problems, abuses, deficiencies, remedies, and investigative outcomes relating to the administration of HHS programs and operations that were disclosed during the semiannual reporting period April 1, 2021, through September 30, 2021.

FY 2022 Management Challenges Facing the U.S. Department of Education