For our final report on our audit of the U.S. Department of Commerce's (the Department's) system security assessment process, our objective was to assess the effectiveness of the Department's system security assessment and continuous monitoring program to ensure security deficiencies were identified, monitored, and adequately resolved. We found the Department did not effectively execute its continuous monitoring and systemassessment process. Specifically, we found the following: I. the Department did not effectively plan for system assessments; II. the Department did not consistently conduct reliable system assessments; III. the Department did not resolve security control deficiencies within defined completion dates; and IV. the Department’s security system of record—i.e., the cyber security asset and management tool—did not provide accurate and complete assessment and plan of action & milestone data.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Commerce | The Department Needs to Improve Its System Security Assessment and Continuous Monitoring Program to Ensure Security Controls Are Consistently Implemented and Effective | Audit | Agency-Wide | View Report | |
| Securities and Exchange Commission | Registered Investment Adviser Examinations: EXAMS Has Made Progress To Assess Risk and Optimize Limited Resources, But Could Further Improve Controls Over Some Processes, Report No. 571 | Audit | Agency-Wide | View Report | |
| U.S. Agency for International Development | Audit of the Fund Accountability Statement of Ein Dor Museum, Youth United Against Racism Program, in West Bank and Gaza, Cooperative Agreement 72029418CA00003,January 1 to December 31,2020 | Other |
|
View Report | |
| U.S. Agency for International Development | Audit of Associates in Rural Development, Inc.'s Proposed Amounts on Unsettled Flexibly Priced Contracts for Fiscal Year 2016 | Other |
|
View Report | |
| U.S. Agency for International Development | Audit of Dexis Interactive, Inc.'s (dba Dexis Consulting Group) Proposed Amounts on Select Unsettled Flexibly Priced Contracts for FYs 2018 and 2019 | Other |
|
View Report | |
| Department of Education | Massachusetts Department of Elementary and Secondary Education’s Administration of the Temporary Emergency Impact Aid for Displaced Students Program | Audit | Agency-Wide | View Report | |
| Department of Defense | DoD OIG COVID-19 Oversight Plan – Q1 2022 | Other | Agency-Wide | View Report | |
| Amtrak (National Railroad Passenger Corporation) | Guilty Plea and Sentencing to Possession of Cannabis | Investigation |
|
View Report | |
| Department of Health & Human Services | A Review of HHS's Suspension and Debarment Program for Protecting the Integrity of Federal Awards | Inspection / Evaluation | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Audit of Handicap International Federation Under Multiple Awards, for the Fiscal Year Ended December 31, 2018 | Other |
|
View Report | |
