Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Defense
Lead Inspector General for Operation Inherent Resolve I Quarterly Report to the United States Congress I July 1, 2020 - September 30, 2020
Inspection of the Government Publishing Office’s (GPO) Acquisition Services Contracting Procedures for Supplies and Services and their Effectiveness in Preventing Late Penalty Fees
We inspected the U.S. Government Publishing Office’s (GPO) Acquisition Services with the intent of answering the following question: Are GPO’s procedures for procuring supplies and services contracts effective in preventing late penalty fees? Our report contains six recommendations designed to improve GPO’s contracting processes. The recommendations focus on statute compliance by providing the OIG with requested documentation; updating policies; improving timeliness by training Acquisition Services personnel on the (cradle-to-grave) payment process; ensuring that Acquisition Services personnel are current in their contracting certifications; implementing a tracking system to document certifications and required continuous learning points (CLPs); and improving penalty tracking and reporting.
Although the Department had several notable improvements in implementing its cybersecurity initiatives, its overall IT security programs and practices were not effective in all of the five security functions. We had findings in all eight metric domains, which included findings with the same or similar conditions identified in prior reports. Specifically, we found that the Department can strengthen its controls in areas such as: (1) Risk Management. Remediation process for its Plan of Action and Milestones; enterprise supply chain assessment strategy; IT inventory reporting; and required IT security clauses for its contracts; (2) Configuration Management. Use of unsecure connections and appropriate application connection protocols; and reliance on unsupported operating systems, databases, and applications in its production environments; (3) Identity and Access Management. Removing access of terminated users to the Department’s network and database management; and (4) Incident Response. Timely reporting of incidents; and ensuring data loss prevention tools work accordingly. Until the Department improves in these areas, it cannot ensure that its overall information security program adequately protects its systems and resources from compromise and loss.