An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Energy
The Department of Energy Took Actions Necessary to Implement the Cybersecurity Information Sharing Act of 2015
The Cybersecurity Information Sharing Act of 2015 (Cybersecurity Act) requires agencies to develop processes and procedures to facilitate and promote the timely sharing of cyber threat information. It also requires the Office of Inspector General to report to Congress at least every 2 years on the sufficiency of information sharing policies, procedures, and guidelines.
We participated in a joint review led by the Office of the Inspector General of the Intelligence Community to assess efforts by seven executive agencies, including the Department of Energy, to implement Cybersecurity Act requirements related to policies and procedures, information sharing, and barriers.
Our evaluation determined that the Department had taken the actions necessary to implement the requirements of the Cybersecurity Act. Specifically, we found that policies and procedures related to the sharing of cyber threat indicators were sufficient and included requirements for the removal of personally identifiable information. Officials also indicated that they were unaware of any violations by the Department regarding the failure to remove personally identifiable information related to a cybersecurity threat. In addition, Department officials informed us that security clearances were authorized for the purpose of sharing classified cyber threat indicators and defensive measures with the private sector. The Department also continued to share and receive cyber threat indicators using Automated Indicator Sharing capabilities during the period under review.
Although the barrier related to the quality of cyber threat indicators received from the Office of the Director of National Intelligence was mitigated since our 2023 evaluation, with the discontinued active feed of the Intelligence Community Analysis and Signature Tool, Department officials noted another barrier related to the quality of cyber threat indicators shared with the Department and industry partners. Specifically, information-sharing fatigue from the large quantity of cyber threat indicators was noted as an issue. While Department officials noted this barrier, we did not identify any associated impact to the sharing of threat indicators and defensive measures from calendar year 2023 through calendar year 2024.
Due to the Department’s continued implementation of the Cybersecurity Act, we did not make formal recommendations for improvement.
The National Oceanic and Atmospheric Administration's (NOAA's) Office of Marine and Aviation Operations (OMAO) is overseeing the construction of new ships, known as Class B ships, to replace hydrographic survey ships that are nearing the end of their planned service lives. Shipbuilding is a complex, multistage industrial process that requires structured oversight and controls at each phase. If the existing hydrographic survey ships are not replaced on time, NOAA has estimated a loss of 90 to 100 percent of its charting and mapping capability for the country’s Pacific Islands and Tropical Pacific and West Coast regions by 2028.
Our objective was to assess the management and oversight of the Class B ship acquisition by OMAO. We found that OMAO’s acquisition planning did not fully account for the resources, requirements, and processes that are necessary to perform Government Contract Quality Assurance (GCQA) management and oversight tasks for a new shipbuilding program. Specifically, for its Class B ship construction, OMAO (1) did not fully develop and implement the necessary controls to conduct GCQA, (2) did not identify or develop the necessary personnel, skills, and experience to conduct GCQA, and (3) did not have a system or method to record and track quality deficiencies and observations. Correcting these issues is critical to ensure that the ship construction meets contract requirements and an acceptable level of quality.
We made five recommendations to help OMAO implement its quality assurance program for ship construction, address shortfalls in workforce planning and technical oversight, and ensure that quality assurance oversight metrics during ship construction are tracked and stored. NOAA concurred with our recommendations and is working to implement them.
In fiscal year 2025, CPSC staff obligated funds, through various interagency agreements, without having properly delegated authority to do so. Although we found no indicia of fraud, waste, abuse, or other criminal activity, the unauthorized obligations constitute non-monetary loss improper payments.
The U.S. Environmental Protection Agency Office of Inspector General initiated this project to summarize findings from prior EPA OIG reports on the EPA’s management of the Infrastructure Investment and Jobs Act funding for the 2022 Clean School Bus Rebates Program that could help inform the Agency’s decision-making when funding future programs.
Summary of Findings
We reviewed five previously issued EPA OIG reports related to the EPA’s 2022 Clean School Bus Rebates Program. From those, we identified two main issues with the program: the application and selection process and the management of funds. We also analyzed the 11 recommendations that we made to the EPA to address the deficiencies identified in those five prior reports. The Agency has completed or is in the process of implementing corrective actions for all 11 prior recommendations.
An Amtrak trackman based in Philadelphia, Pennsylvania, was terminated from employment on April 1, 2026, following an administrative hearing. Our investigation found that the former employee requested and properly received Railroad Retirement Board (RRB) unemployment benefits but continued to claim and receive those benefits for 25 days after returning to work, in violation of RRB rules as well as company policies. In addition, the former employee was also found to have improperly stored and lost his Smart ID card and did not replace it in a timely manner, resulting in a failure to swipe in and out of a Time Entry Device. The former employee is not eligible for rehire.
Audit of the Civil Rights Division’s Security Controls and the CRT-Justice Consolidated Office Network (CRT-JCON) System Pursuant to the Federal Information Security Modernization Act of 2014, Fiscal Year 2025
Audit of the Civil Rights Division’s Information Security Management Program Pursuant to the Federal Information Security Modernization Act of 2014, Fiscal Year 2025
As required by the Inspector General Act of 1978 (as amended), this Semiannual Report summarizes the activities of the Office of Inspector General for the preceding 6-month period.