An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Education
The U.S. Department of Education’s Federal Information Security Modernization Act of 2014 Report For Fiscal Year 2017
Although the Department and FSA made progress in strengthening their information security programs, we found weaknesses in the Department’s and FSA’s information systems, and those systems continued to be vulnerable to security threats. As guided by the maturity model used in the FY 2017 IG FISMA Metrics, we found the Department and FSA were not effective in all five security functions—Identify, Protect, Detect, Respond, and Recover. We also identified findings in all seven metric domains: (1) Risk Management, (2) Configuration Management, (3) Identity and Access Management, (4) Security Training, (5) Information Security Continuous Monitoring, (6) Incident Response, and (7) Contingency Planning.
Prescriber identifiers are a valuable program integrity safeguard. They enable CMS and Part D plan sponsors to determine if legitimate practitioners have prescribed drugs for enrollees. Plan sponsors are required to include prescriber identifiers on the Part D prescription drug event (PDE) records they submit to CMS. The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) requires that, beginning in 2016, pharmacy claims for covered Part D drugs must contain valid prescriber National Provider Identifiers (NPIs). Additionally, the law requires the Secretary of the Department of Health and Human Services to establish procedures for determining the validity of these prescriber NPIs. The law also requires OIG to submit to Congress a report on the effectiveness of these procedures no later than January 1, 2018. This evaluation report fulfills OIG's MACRA mandate.
FINANCIAL MANAGEMENT: Audit of the Department of the Treasury's Schedules of United States Gold Reserves Held by Federal Reserve Banks as of September 30, 2017 and 2016
The objective of this review was to perform an independent assessment of the Peace Corps’ information security program, including testing the effectiveness of security controls for a subset of systems as required, for FY 2017. Our results demonstrate that the Peace Corps lacks an effective information security program because of problems related to people, processes, technology, and culture. The Peace Corps needs to embrace a risk-based culture and place greater emphasis on the importance of a robust information security program by involving senior leadership, ensuring agency policies are comprehensive, and prioritizing the time and resources necessary to become fully compliant with Federal laws and eliminate weaknesses.
This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board’s Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report, which is available at the link below.
