Federal Reports

This report presents the results of our audit of mail delivery, customer service, and property conditions in the Minnesota-North Dakota District.

Why We Did This ReportThe U.S. Environmental Protection Agency Office of Inspector General conducted this evaluation to determine the financial capacity of the New Mexico Environment Department to manage its Infrastructure Investment and Jobs Act funding for the Clean Water State Revolving Fund Program. Summary of FindingsThe New Mexico Environment Department, or NMED, is sufficiently meeting the financial and organizational dimensions of capacity to manage and use its infrastructure funds for the Clean Water State Revolving Fund, or CWSRF, Program. However, the NMED faces stakeholder- and human-capital-related challenges that limit its capacity to effectively manage and use its CWSRF Infrastructure Investment and Jobs Act, or IIJA, funding. These challenges are compounded by the fact that the NMED is not fully staffed and has difficulty filling its vacancies. Should program participation increase, NMED staff may have difficulty managing the corresponding increase in the CWSRF workload.

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Fair Housing and Equal Opportunity’s, implementation of Executive Order 13988, which President Biden issued to prevent and combat discrimination on the basis of gender identity or sexual orientation. We performed this audit to assess HUD’s progress in developing an action plan to implement the executive order. Our audit objective was to determine whether HUD had established and implemented a plan to prevent and combat discrimination based on gender identity and sexual orientation. HUD developed a proposed plan of action related to Executive Order 13988. According to HUD Office of General Council officials, HUD submitted its proposed plan to the White House Domestic Policy Council within 100 days of Executive Order 13988, thereby satisfying the requirements of the executive order. To implement its plan, HUD regional offices and Fair Housing Assistance Program agencies identified and notified almost all complainants who alleged gender identity or sexual orientation discrimination in accordance with its guidance. It also committed to the Equal Access Rule. As a result of developing and implementing the plan, HUD had reasonable assurance that its regional offices and FHAP agencies were properly identifying and addressing allegations of gender identity or sexual orientation discrimination in HUD programs and HUD-assisted housing and shelters.The report contains no recommendations.

The OIG conducts information security inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the VA Bedford Healthcare System because it had not been recently visited as part of the annual FISMA audit.The OIG’s information security inspection focused on three security control areas: configuration management, security management, and access controls. During this inspection, the OIG found deficiencies with all three areas.Configuration management deficiencies included databases hosting personally identifiable information not monitored with quarterly compliance scans, thereby increasing the risk of an undetected data breach. The team also found that devices not meeting VA baseline security configurations should have been updated with vendor-supported systems software during the standard system development life-cycle process.Within security management, the OIG determined that special-purpose systems did not have an authorization to operate and the special-purpose systems at Bedford included one that warranted higher security levels. The OIG also identified deficiencies with the continuous monitoring of the Lynx Duress panic button system.Finally, restricting physical access, monitoring of physical access, and implementing appropriate physical and environmental controls were also deficient. At the Edith Nourse Rogers Memorial Veterans’ Hospital, concerns were identified with badge and key access, hospital video surveillance of the server room and communications closet, and emergency power controls and proper grounding.The OIG made five recommendations to the assistant secretary for information and technology and chief information officer and four recommendations to the VA Bedford Healthcare System director in conjunction with the assistant secretary for information technology.