An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Millennium Challenge Corporation
Audit of MCC Resources Managed Municipality of Ttouan, Under the Grant and Implementation Agreement and the Millennium Challenge Compact Between MCC and the Government of Morocco, for the period April 1, 2021 to March 31, 2022
U.S. Fish and Wildlife Service Grants Awarded to the State of Ohio, Department of Natural Resources, From July 1, 2019, Through June 30, 2021, Under the Wildlife and Sport Fish Restoration Program
An Amtrak conductor based in Washington, D.C., violated company policies by failing to report an August 5, 2019, Driving While Intoxicated (DWI) conviction he incurred during his employment. Amtrak removed the employee from service pending his disciplinary hearing. The employee agreed to a Waiver in Lieu of Termination on June 9, 2023, admitting to the charges and was assessed a time-served suspension after remaining out of service for six weeks.
Investigative Summary: Findings of Misconduct by an OIG Supervisory Employee for Failing to Timely Report the Employee’s Arrest for Driving Under the Influence of Alcohol
The VA Office of Inspector General (OIG) conducts information security inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the St. Cloud VA Medical Center in Minnesota because it had not been previously visited as part of the annual FISMA audit.The OIG’s information security inspections focus on four security control areas that apply to local facilities and have been selected based on their levels of risk: configuration management, contingency planning, security management, and access controls. During this inspection, the OIG found deficiencies with configuration management, contingency planning, and access controls.Deficiencies in configuration management included critical-risk vulnerabilities that VA’s Office of Information and Technology did not identify, uninstalled patches, an inaccurate inventory, and unauthorized software, which deprive users of reliable information access and could risk unauthorized access to, or alteration or destruction of, critical systems. The team identified a contingency planning weakness concerning an untested emergency power shutoff in the data center. Weak access controls included missing logs and visitor access records, communication rooms with insufficient climate controls, and nonworking video surveillance in the data center. These deficiencies compromised the security and maintenance of the information system.The OIG made eight recommendations to the assistant secretary for information and technology and chief information officer to improve controls at the facility because they are related to enterprise-wide information security issues similar to those identified on previous FISMA audits and information security inspections. The OIG also made two recommendations to the St. Cloud VA Medical Center director.
