Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Internal Revenue Service
The Knowledge Management Program Will Benefit From Addressing User Concerns and Improving Performance Measures and Controls Over Employee Costs
What We Looked At: We queried and downloaded 74 single audit reports prepared by non-Federal auditors and submitted to the Federal Audit Clearinghouse between January 1, 2023 and March 31, 2023, to identify significant findings related to programs directly funded by the Department of Transportation (DOT). What We Found: We found that reports contained a range of findings that impacted DOT programs. The auditors reported 36 incidents of significant noncompliance with Federal guidelines related to 15 grantees that require prompt action from DOT’s Operating Administrations (OA). Of the 36 findings, 21 were repeat findings related to 8 grantees. The auditors also identified questioned costs totaling $14,886,138 for six grantees. Of this amount, $7,612,623 was related to the Crow Tribe of Indians, $5,472,288 was related to Pit River Tribe, and $1,146,291 was related to the COVID-19 formula grants of the Suburban Mobility Authority for Regional Transportation, Detroit, MI. Additionally, we identified nonmonetary repeat findings that caused a disclaimer of opinion for the Crow Tribe of Indians, Crow Agency, MT. Recommendations: We recommend that DOT coordinate with the impacted OAs to develop a corrective action plan to resolve and close the findings identified in this report. We also recommend that DOT determine the allowability of the questioned transactions and recover $14,886,138, if applicable.
The lack of vulnerability scans increases the risk that vulnerabilities are not identified and remediated in a timely manner and could result in data loss or disruption to Agency operations.
The Federal Information Security Modernization Act of 2014 (FISMA) requires the Office of Inspector General to conduct an annual independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems. As part of that evaluation, the Office of Inspector General is required to assess the Department’s cybersecurity program according to FISMA security metrics issued by the Office of Management and Budget and the Council of the Inspectors General on Integrity and Efficiency. We conducted this evaluation to determine whether the Department’s unclassified cybersecurity program adequately protected data and information systems. Our fiscal year 2022 FISMA evaluation determined that the Department, including the National Nuclear Security Administration, had not taken appropriate actions to address many previously identified weaknesses related to its unclassified cybersecurity program. Although actions were taken to close 23 of 61 recommendations from our prior evaluations, 38 recommendations remained open. We also issued 35 new recommendations, many of which were similar in type to the deficiencies identified in our previous reports. The weaknesses identified occurred for a variety of reasons. For instance, weaknesses related to system integrity of web applications generally occurred because the applications were configured without adequate security controls designed to reject malicious input. In addition, identity and access management weaknesses occurred because officials were unaware of, or had not implemented, current account management requirements. To correct the cybersecurity weaknesses identified throughout the Department, we made 73 recommendations (of which 38 were made during prior evaluations) to the Department’s programs and sites, including those identified during this evaluation and in other issued reports.
Specific recommendations were made to each of the locations where weaknesses were identified. Corrective actions to address each of the recommendations, if fully implemented, should enhance the Department’s unclassified cybersecurity program. Management concurred with all but two recommendations issued to programs and sites related to improving the Department’s cybersecurity program.
This report summarizes the results of the CliftonLarsonAllen (CLA) audit and contains four recommendations that will assist the agency in strengthening cybersecurity controls related to its firewalls and the Security Information and Event Management (SIEM) tool. NCUA management concurred with and has taken or planned corrective actions to address the recommendations.