Federal Reports

The Office of Inspector General conducted a follow‐up audit evaluating NASA’s process for transferring Agency‐developed technology to the commercial sector.

We identified actions that Washington has taken, using Federal funds for improving prescription drug monitoring programs (PDMPs), to achieve program goals toward improving safe prescribing practices and preventing prescription drug abuse and misuse. As of July 2018, Washington had completed some of the activities it proposed for the Centers for Disease Control and Prevention (CDC) grant to enhance and maximize its PDMP. Specifically, of the 11 activities proposed for the audit period (March 1, 2016, through August 31, 2017), 6 were completed, and the remaining 5 were partially completed.

Overall, the Department continues to implement changes to strengthen its enterprise-wide information security program. We identified opportunities where the Department can strengthen their overall information security program. The Department continues to work toward implementing a Department-wide Continuous Diagnostics and Mitigation program with the Department of Homeland Security. This should help the Department achieve a higher level of maturity for its information security program in subsequent years. Additionally, we identified weaknesses in the following areas: risk management, configuration management, identity and access management, data protection and privacy, security training, information security continuous monitoring, incident response, and contingency planning. The Department needs to ensure that all operating divisions consistently review and remediate or address the risk presented by vulnerabilities discovered, consistently implement account management procedures, and accurately track systems to ensure they are operating with a current and valid Authority to Operate. Additionally, the Department should focus on configuring recently deployed continuous diagnostic monitoring tools to automate the integration of cyber risks into newly developed enterprise risk management programs. These steps will strengthen the information security program and further enhance its mission.

Due to the importance of an effective response in the event of an emergency, we conducted an evaluation to determine if (1) emergency response plans at coal plants were up to date and (2) required systems were available and functional.We found the majority of emergency plans for active and retired coal plants were not reviewed on a timely basis or were not up to date. Specifically, we found (1) three of six emergency plans for active coal plants were not reviewed timely based on TVA’s requirement for an annual review, and all six contained inaccurate contact information; (2) two of four emergency plans for retired coal plants were not reviewed timely and plans were not executable because of changed plant conditions; and (3) 14 of 15 emergency action plans required for coal combustion residuals storage facilities were not reviewed on a timely basis. We also found some systems required in emergency response plans were not functional. Specifically, we observed functional issues with emergency alerting and notification systems at two of the three plants we visited.