An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Justice
Notification of Concerns Regarding the Federal Bureau of Prisons Providing Credentials with Law Enforcement Officer Markings and Badges to Employees That Are Not Authorized to Carry Firearms
An Amtrak lead operational specialist based in Washington, D.C., was terminated from employment on May 27, 2026, following the issuance of our investigative report. Our investigation found that the former employee violated company policy by allowing a non-employee to accompany him in restricted areas without proper authorization and for knowingly submitting expenses and receiving reimbursements for meals for non-company employees. The former employee is not eligible for rehire.
Financial Audit of USAID Resources Managed by Baylor College of Medicine Children's Foundation Malawi Under Cooperative Agreement 72061221CA00011, July 1, 2024, to June 30, 2025
Financial Audit of USAID Resources Managed by Joint Clinical Research Center in Uganda Under Cooperative Agreement 72061720CA00013, October 1, 2024, to September 30, 2025
We found that controls existed to ensure Ohio did not use SNAP administrative funds for participant benefits; however, our analytics of FY 2024 participant data identified 17,000 out of 917,000 households had anomalous data, representing $13.3 million in questioned costs.
Identifying and resolving security flaws and weaknesses in IT infrastructure—known as vulnerability management—helps prevent cyberattacks, data breaches, and system disruptions. The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), provides data for vulnerability management to cybersecurity professionals in the public and private sectors. A backlog of unprocessed vulnerabilities began in February 2024 and continued to grow, undermining the NVD’s utility and public trust.
Our objective was to evaluate the effectiveness and sustainability of NIST’s processes for managing cybersecurity vulnerabilities submitted to the NVD, including the long-term effectiveness of NIST’s strategy for reducing its vulnerability backlog and its measures to prevent future processing delays. NIST considers the NVD a key piece of the U.S. cybersecurity infrastructure, but its actions to resolve the growing backlog did not reflect that characterization. We found that NIST did not have sustainable processes to manage NVD submissions and would be unable to clear the backlog of unprocessed vulnerabilities or prevent future processing delays without significant changes.
We made six recommendations to help NIST manage and establish priorities for the NVD, improve the efficiency and sustainability of enrichment processes, and ensure the best use of government resources.
