Federal Reports

The Office of Refugee Resettlement (ORR), a program office of the Administration for Children and Families (ACF) within HHS, manages the Unaccompanied Alien Children Program. ORR funds a network of about 195 facilities. ORR also operates influx care facilities to provide temporary emergency shelter and services for children. ORR contracted with Comprehensive Health Service, LLC (CHS), a medical management services provider, to operate a temporary influx care facility located in Homestead, Florida. Some members of Congress have expressed concerns about ORR’s awarding of a $341 million sole source contract to CHS.

The information security program of the Corporation for National and Community Service, now called AmeriCorps, remains Not Effective and has shown little progress over the past four years. While AmeriCorps has demonstrated some improvement on configuration management, key areas of organization-wide risk management strategy, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management have remained stagnant at a low level of maturity. AmeriCorps continues to suffer a significant number of critical and high-risk vulnerabilities, which were not mitigated within the prescribed deadlines commensurate with their importance. Nor has AmeriCorps made significant progress in closing prior recommendations. Since last year, only eleven of the 58 open recommendations from the FY 2014 – FY 2019 FISMA evaluations have been resolved, yielding limited improvements in FISMA metric results. An inability to address critical deficiencies leaves AmeriCorps systems and data vulnerable to data breaches, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers nine recommendations (eight new and one modified repeat), which, together with the prior year recommendations, will assist AmeriCorps in addressing challenges in the development of a mature and effective information security program. AmeriCorps has committed to implementing corrective actions to our recommendations.

EAC OIG, through the independent public accounting firm of Brown & Company, PLLC, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 (FISMA) and related information security policies, procedures, standards, and guidelines for fiscal year 2020.