Federal Reports

This report assesses the extent to which the company has taken steps to ensure that contracting officers’ technical representatives (COTRs) conduct effective post-award contract oversight. We identified weaknesses in Amtrak’s practices related to its COTRs who should provide day-to-day oversight of a contract which includes ensuring goods and services meet contract terms, invoices reflect the goods and services provided, and contractor performance is documented. Specifically, we found that Amtrak 1) lacks standards defining COTRs’ roles and responsibilities; 2) provides limited training for COTRs; 3) does not consistently make, communicate, or track COTR assignments; and 4) does not consistently hold COTRs accountable for their performance. We recommended that Amtrak clarify and institutionalize the role of the COTR. This includes establishing contract oversight as a distinct function with defined roles and responsibilities for COTRs, providing them with training, holding them accountable for performing effectively, and better managing their assignments to ensure that the company consistently oversees contracts.

We conducted an attestation review of the U.S. Department of Housing and Urban Development (HUD), Office of Special Needs Assistance Continuum of Care, regarding drug control accounting and associated management assertions for fiscal year 2018. As required by Federal statute 21 U.S.C. 1704(d), we reviewed HUD’s Report on Drug Control Accounting, including its written assertions. Our responsibility is to express a conclusion on the subject matter or assertion based on our review. We performed review procedures on HUD’s assertions and the accompanying fiscal year 2018 Accounting of Drug Control Funding and Performance Summary reports. Based upon our review, we are not aware of any material modifications that should be made to HUD’s assertions or the accompanying fiscal year 2018 Accounting of Drug Control Funding and Performance Summary in order for them to be in accordance with Office of National Drug Control Policy requirements.

We have determined that the Corporation for National and Community Service’s (CNCS’s) information security program is NOT EFFECTIVE. CNCS has in place the basic information technology policies, procedures and system security documentation needed for effective cybersecurity. To progress beyond the current maturity level, the Corporation must consistently implement and monitor security controls. We continued to find severe vulnerabilities on the network. CNCS has still not fully implemented baseline security configuration settings specific to the existing information technology environment. Further, CNCS has not implemented multifactor authentication for information system users and administrators. These gaps limit the protection of CNCS systems and data, and may expose sensitive information, including Personally Identifiable Information (PII), to unauthorized access and use.The independent IG report offers 25 recommendations to assist CNCS in strengthening its information security program and reach an Effective rating. CNCS should undertake a strategic analysis of the government-wide metrics and the weaknesses identified in this evaluation, to develop a multi-year approach designed to realize steady, measurable improvements in information security in each of the component areas. Implementing such a plan will require CNCS to allocate sufficient resources, including staffing, and to be accountable for interim milestones in order to reach an overall Effective rating.

We conducted a series of OIG audits at four HHS Operating Divisions (OPDIVs) using network and web application penetration testing to determine how well HHS systems were protected when subject to cyberattacks.

DOJ News Release