Federal Reports

DHS had not yet strengthened its cybersecurity posture by implementing a Continuous Diagnostics and Mitigation (CDM) Program. DHS spent more than $180 million between 2013 and 2020 to design and deploy a department-wide continuous monitoring solution but faced setbacks. DHS initially planned to deploy its internal CDM solution by 2017 using a “One DHS” approach that restricted components to a standard set of common tools. We attributed DHS’ limited progress to an unsuccessful initial implementation strategy, significant changes to its deployment approach, and continuing issues with component data collection and integration. As of March 2020, DHS had developed a key element of the program, its internal CDM dashboard. However, the dashboard contained less than half of the required asset management data. As a result, the Department cannot leverage intended benefits of the dashboard to manage, prioritize, and respond to cyber risks in real time. Finally, we identified vulnerabilities on CDM servers and databases. This occurred because DHS did not clearly define patch management responsibilities and had not yet implemented required configuration settings. Consequently, databases and servers could be vulnerable to cybersecurity attack, and the integrity, confidentiality, and availability of the data could be at risk. We made three recommendations for DHS to update its program plan, address vulnerabilities, and define patch management responsibilities.

The Transportation Security Administration (TSA) did not manage the Recruitment and Hiring (R&H) contract in a fiscally responsible manner. Specifically, TSA did not properly plan contract requirements prior to awarding the contract and did not develop accurate cost estimates for all contract modifications. We recommended TSA establish a cross-functional requirements working group for planning and awarding the R&H re-compete efforts as well as other Personnel Futures Program contract requirements. The working group should develop a holistic and forward-thinking acquisition strategy, as well as implement a comprehensive process for reviewing and determining requirements. We also recommended TSA ensure Human Capital improves contract management activities including, but not limited to, requirements planning and realistic cost estimate development by obtaining additional expert resources or leveraging existing expertise. We made two recommendations to improve TSA’s contract management. TSA concurred with both recommendations.

This report contains information about recommendations from the OIG's audits, evaluations, reviews, and other reports that the OIG had not closed as of the specified date because it had not determined that the Department of Justice had fully implemented them. The list omits information that the Department of Justice determined to be limited official use or classified, and therefore unsuitable for public release.The status of each recommendation was accurate as of the specified date and is subject to change. Specifically, a recommendation identified as not closed as of the specified date may subsequently have been closed.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the Battle Creek VA Medical Center and multiple outpatient clinics in Michigan. The inspection covers key clinical and administrative processes that are associated with promoting quality care. This inspection focused on Leadership and Organizational Risks; COVID-19 Pandemic Readiness and Response; Quality, Safety, and Value; Medical Staff Privileging; Medication Management: Long-Term Opioid Therapy for Pain; Mental Health: Suicide Prevention Program; Care Coordination: Life-Sustaining Treatment Decisions; Women’s Health: Comprehensive Care; and High-Risk Processes: Reusable Medical Equipment.Three of four executive team members were serving in an acting capacity at the time of the OIG’s review. Employee survey results revealed opportunities for the Associate Director for Patient Care Services to improve staff satisfaction. Patient experience survey data highlighted various opportunities to improve satisfaction. The OIG’s review of accreditation findings, sentinel events, and disclosures did not identify any substantial organizational risk factors. Leaders were knowledgeable about selected data used in Strategic Analytics for Improvement and Learning models and should continue to take actions to sustain and improve performance.The OIG issued 11 recommendations for improvement in six areas:(1) Quality, Safety, and Value• Recommendation, implementation, and monitoring of action items• Interdisciplinary review of utilization management data(2) Medical Staff Privileging• Provider exit review forms(3) Medication Management• Pain management committee processes(4) Mental Health• Patient follow-up visits(5) Women’s Health• Women veterans health committee membership and attendance• Women veterans program manager duties• Designated maternity care coordinator(6) High-Risk Processes• Standard operating procedures• Staff training• Competency assessments

The portion of Americans who vote by mail had been growing steadily even before the novel coronavirus disease (COVID-19) pandemic led to millions of voters casting mail ballots for the first time. In the 2020 general election, the Postal Service delivered more than 135 million ballots to or from voters. In this white paper, the OIG provides an overview of vote-by-mail processes, the variability of those processes, and challenges for the Postal Service and others.

NGA OIG Spring Semiannual Report to Congress, 1 October 2020 - 31 March 2021