The Cybersecurity and Infrastructure Security Agency (CISA) did not implement effective controls for the selected High Value Asset (HVA) system per Federal and departmental requirements. CISA developed policies and procedures to reduce risks to sensitive information stored on the selected HVA system. However, we identified security deficiencies in two of eight security and privacy controls required by the National Institute of Standards and Technology pertaining to:
•
access controls; and
•
awareness and training.
These deficiencies occurred because CISA did not have effective continuous monitoring of the selected HVA system. Without effective controls, CISA could not be assured that sensitive information stored and processed by the selected HVA system was protected and secured.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Homeland Security | Cybersecurity System Review of a Selected High Value Asset at CISA | Audit | Agency-Wide | View Report | |
| Department of Health & Human Services | Health Resources and Services Administration Fiscal Year 2024 Detailed Accounting Submission and Fiscal Year 2026 Budget Formulation Compliance Report for National Drug Control Activities, and the Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Audit of Action Contre La Faim Under Multiple Awards, for the Fiscal Year Ended December 31, 2023 | Other |
|
View Report | |
| U.S. Agency for International Development | Financial Audit of IMPACT Initiatives Under Multiple USAID Agreements for the Year Ended December 31, 2023 | Other |
|
View Report | |
| U.S. Agency for International Development | Closeout Audit of Centre for Social Initiatives Promotion Under Inclusion Program in Vietnam, Cooperative agreement 72044020CA00005, April 1 to December 31, 2023 | Other |
|
View Report | |
| U.S. Agency for International Development | Ukraine Response: Audit of USAID's Office of Transition Initiatives' Engagement of Local Partners in Ukraine | Audit |
|
View Report | |
| U.S. Agency for International Development | Audit of the Schedule of Expenditures of Yozmot ATID Under Cooperative Agreement 72029421CA00008, Female Led Microbusiness Development for Promoting a Culture of Peace Program in West Bank and Gaza, September 30, 2021, to December 31, 2022 | Other |
|
View Report | |
| Department of Health & Human Services | PRAC Phase II COVID-19 Impact Study: Marion County, GA | Inspection / Evaluation | Agency-Wide | View Report | |
| Department of Health & Human Services | Independent Attestation Review: Centers for Medicare & Medicaid Services Fiscal Year 2024 Detailed Accounting Submission and Fiscal Year 2026 Budget Formulation Compliance Report for National Drug Control Activities, and the Accompanying Required Assertio | Audit | Agency-Wide | View Report | |
| Department of Health & Human Services | Health Resources and Services Administration Fiscal Year 2024 Detailed Accounting Submission and Fiscal Year 2026 Budget Formulation Compliance Report for National Drug Control Activities, and the Accompanying Required Assertions | Audit | Agency-Wide | View Report | |
