Federal Reports

We determined that USCIS did not apply the IT access controls needed to restrict unnecessary access to its systems, networks, and information. Specifically, USCIS did not consistently manage access for personnel, service accounts, and privileged users. We attribute these deficiencies to insufficient internal controls and day-to-day oversight to ensure access controls are administered appropriately and effectively to prevent unauthorized access. Additionally, we determined USCIS did not implement all the required security settings and updates for its IT systems and workstations to help reduce the risks that may result from an access control weakness. Although USCIS systems and workstations were generally compliant with required security standards, not all required settings and updates were implemented due to concerns that they may negatively impact system operations. Lastly, we determined that while USCIS appropriately relied on departmental guidance for access control policies and procedures, the guidance was outdated and did not include the latest Federal requirements. These deficiencies may limit the Department’s ability to reduce the risk of unauthorized access to its network, which may disrupt mission operations. We made 10 recommendations to improve USCIS’ access controls and system security and DHS’ access control guidance. USCIS and DHS concurred with all 10 recommendations.

The CSB's operations are challenged by vacancies in mission-critical positions and an inability to fully use the resources allocated by Congress.

EAC OIG, through the independent public accounting firm of McBride, Lock & Associates, LLC, audited funds received by the State of Washington under the Help America Vote Act, including state matching funds and program income, totaling $30.3 million. This included Election Security and Coronavirus Aid, Relief, and Economic Security Act grants.

We determined DHS encountered obstacles to screen, vet, and inspect all Afghan evacuees arriving as part of OAR/OAW. Specifically, U.S. Customs and Border Protection (CBP) did not always have critical data to properly screen, vet, or inspect Afghan evacuees. We determined some information used to vet evacuees through U.S. Government databases, such as name, date of birth, identification number, and travel document data, was inaccurate, incomplete, or missing. We also determined CBP admitted or paroled evacuees who were not fully vetted into the United States. We attribute DHS’ challenges to not having: (1) a list of Afghan evacuees without sufficient identification documents; (2) a contingency plan to support similar emergency situations; and (3) standardized policies. As a result, DHS may have admitted or paroled individuals into the United States who pose a risk to national security and the safety of local communities. We made two recommendations to improve the Department’s screening and vetting of current Afghan evacuees and coordination and planning efforts for future similar emergency situations. The Department did not concur with these recommendations.