Federal Reports

Federal law requires that each Medicare administrative contractor (MAC) have its information security program evaluated annually by an independent entity, and these evaluations must address the eight major requirements enumerated in the Federal Information Security Management Act of 2002 (FISMA). To comply with this provision, CMS contracted with PricewaterhouseCoopers (PwC) to evaluate information security programs at the MACs, using a set of agreed-upon procedures. To satisfy the requirement to evaluate the information security controls for a subset of systems, CMS expanded the scope of its evaluations to test segments of the Medicare claims processing systems hosted at the Medicare data centers, which support each of the MACs.

The United States Capitol Police (USCP or Department) Office of Professional Responsibility (OPR) oversees administrative investigations relating to the conduct of Department personnel as well as inspections of its organizational components. OPR also records and investigates allegations of misconduct by USCP employees generated from within the Department or outside sources.  The Office of Inspector General (OIG) conducted an independent inspection of OPR. Our primary objectives were to determine if the Department (1) established adequate internal controls and processes for ensuring the integrity of its program, and (2) complied with applicable policies and procedures as well as applicable laws, regulations, and best practices. Our scope included internal controls, processes, and operations during Calendar Year (CY) 2015.