Federal Reports | Oversight.gov

Min

Max

Items per page

Report Date	Agency Reviewed / Investigated	Report Title	Type	Location
12/20/2023	Department of Housing and Urban Development	Fiscal Year 2023 Federal Information Security Modernization Act of 2014 Penetration Test Evaluation Report	Inspection / Evaluation	Agency-Wide	View Report
					View Report
Submitting OIG Department of Housing and Urban Development OIG Report Description We have completed our fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) penetration test and vulnerability assessment. The objective of this evaluation was to test and verify the technical implementation of a limited set of security controls on judgmentally selected U.S. Department of Housing and Urban Development (HUD) information systems and applications.HUD demonstrated successes in securely configuring networks and systems. The local area network (LAN) configurations in the Regional Office we tested ensured that our security testing tools could not operate properly, which prevents unauthorized use of security tools on network-connected devices. We also found that HUD improved its ability to detect active threats. HUD’s security information and event management solution detected one of our simulated malicious activities. Lastly, HUD made progress at addressing known vulnerabilities, as they mitigated a structured query language injection vulnerability on one of the web applications we tested.Our testing did identify potential security weaknesses within one of the tested systems. We exploited an authentication bypass vulnerability, reducing the effectiveness of HUD's least privilege, non-repudiation, and session auditing controls. Using a nonprivileged account, we discovered a plain text password file from 2003. This password file was not current, but a lack of encryption allowed us to learn password trends of users. We accessed privileged information on a HUD system without a privileged account. We discovered that a select number of HUD usernames can be associated with an employee’s identity, leading to a higher risk of additional attacks.We discovered some systems used unsupported or end-of-life operating systems. While we discovered strengths in some of HUD’s security posture, this evaluation revealed security weaknesses in one of the systems we tested which HUD should continue to improve. This report issues recommendations that address the specific weaknesses we discovered. We also offer opportunities for improvement, which will not be formally tracked as recommendations, to help guide HUD in technical system improvements. Continued collaboration between OCIO and program offices will help address weaknesses and improve HUD’s overall security posture. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.Open configuration optionsRECOMMENDATION STATUS DATE ISSUED SUMMARY2023-OE-0001a-01 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.2023-OE-0001a-02 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.2023-OE-0001a-03 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.2023-OE-0001a-04 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.2023-OE-0001a-05 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.2023-OE-0001a-06 Open December 20, 2023 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Number of Recommendations 0 Report Number 2023-OE-0001a Department of Housing and Urban Development OIG Image
12/19/2023	U.S. Agency for International Development	Closeout Financial Audit of Feed the Future Guatemala, Coffee Value Chains Project, Managed by Federacin de Cooperativas Agrcolas de Productores de Caf de Guatemala, Cooperative Agreement 72052018CA00001, January 1, 2022 to February 15, 2023	Other	Guatemala	View Report
					View Report
Submitting OIG U.S. Agency for International Development OIG Number of Recommendations 0 Report Number 9-520-24-003-R U.S. Agency for International Development OIG Image
12/19/2023	Department of Justice	Investigative Summary: Findings of Misconduct by a then Drug Enforcement Administration Assistant Special Agent in Charge for Having an Inappropriate, Intimate Relationship with a Subordinate, Obstruction, Lack of Candor, and Related Misconduct	Investigation	Agency-Wide	View Report
					View Report
Submitting OIG Department of Justice OIG Report Number 24-017 Department of Justice OIG Image
12/19/2023	Small Business Administration	SBA's Handling of Identity Theft in the COVID-19 Economic Injury Disaster Loan Program	Inspection / Evaluation	Agency-Wide	View Report
					View Report
Submitting OIG Small Business Administration OIG Report Description This report presents the results of our verification inspection of the U.S. Small Business Administration’s (SBA) corrective actions for the five recommendations from the Office of Inspector General (OIG) evaluation report SBA’s Handling of Identity Theft in the COVID-19 Economic Injury Disaster Loan Program (Report 21-15).We initiated this verification inspection to determine whether the closed recommendations were fully implemented or if further corrective actions were needed. Accordingly, our objective was to determine the effectiveness of the corrective actions SBA implemented to 1) resolve credit-related issues for Coronavirus Disease 2019 Economic Injury Disaster Loan identity theft victims, 2) charge-off fraudulent loans and remove Uniform Commercial Code filing fees for loans associated with identity theft, and 3) review over 150,000 returned billing statements and resolve any involving identity theft.We determined OIG Report 21-15 recommendations 1, 2, 3, and 4 to be fully implemented; however, SBA management has not fully implemented recommendation 5. We will track management’s execution by reopening the recommendation and will work with SBA to establish a target date for enacting corrective actions through the audit follow-up process. Number of Recommendations 1 Report Number 24-04 Small Business Administration OIG Image
12/19/2023	Internal Revenue Service	Administration of the Individual Taxpayer Identification Number Program	Audit	Agency-Wide	View Report
					View Report
Submitting OIG Treasury Inspector General for Tax Administration Number of Recommendations 8 Report Number 2024-400-012 Treasury Inspector General for Tax Administration Image
12/19/2023	Federal Deposit Insurance Corporation	DOJ Press Release: Brockton Man Pleads Guilty to Fraudulently Obtaining More Than $1.5 Million in COVID-Relief Funds	Investigation	MA United States	View Report
					View Report
Submitting OIG Federal Deposit Insurance Corporation OIG Report Number PR-12-19-23 Federal Deposit Insurance Corporation OIG Image
12/19/2023	Department of Health & Human Services	California Did Not Comply With Requirements for Documenting Psychotropic and Opioid Medications Prescribed for Children in Foster Care	Audit	CA, United States	View Report
					View Report
Submitting OIG Department of Health & Human Services OIG Number of Recommendations 4 Report Number A-05-22-00007 Department of Health & Human Services OIG Image
12/19/2023	Department of the Treasury	FINANCIAL MANAGEMENT: Audit of the Exchange Stabilization Fund’s Financial Statements for Fiscal Years 2023 and 2022	Audit	Agency-Wide	View Report
					View Report
Submitting OIG Department of the Treasury OIG Number of Recommendations 0 Report Number OIG-24-016 Department of the Treasury OIG Image
12/19/2023	Department of the Treasury	FINANCIAL MANAGEMENT: Management Letter for the Audit of the Exchange Stabilization Fund’s Financial Statements for Fiscal Years 2023 and 2022	Audit	Agency-Wide	View Report
					View Report
Submitting OIG Department of the Treasury OIG Number of Recommendations 1 Report Number OIG-24-017 Department of the Treasury OIG Image
12/19/2023	Department of Veterans Affairs	Comprehensive Healthcare Inspection of the W.G. (Bill) Hefner VA Medical Center in Salisbury, North Carolina	Inspection / Evaluation	Salisbury, NC United States	View Report
					View Report
Submitting OIG Department of Veterans Affairs OIG Report Description This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the care provided at the W.G. (Bill) Hefner VA Medical Center in Salisbury, North Carolina.This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (suicide prevention initiatives)The OIG issued four recommendations for improvement in the mental health area of review:• Comprehensive Suicide Risk Evaluationo Completion following positive suicide screeno Suicide prevention team notified of suicidal or self-directed violent behaviors in previous 12 months• Full-time suicide prevention coordinator appointed for community-based outpatient clinics that serve 10,000 veterans annually• Suicide-related events reported monthly to mental health leaders and quality management staff Number of Recommendations 4 Report Number 23-00004-37 Department of Veterans Affairs OIG Image