Federal Reports

This is the audit of the NEA's information technology systems security. Due to security concerns, this report is not published on the internet. You can obtain a copy of this report through a freedom of information act request at the following link: https://www.arts.gov/freedom-information-act-guide.

We reported on allegations of safety violations and mismanagement that pose serious risk of harm to personnel, infrastructure, and the environment.

An Amtrak service/train attendant based in New Orleans was terminated from employment on October 29, 2021, following her administrative hearing. Our investigation found that the former employee violated company policies by failing to report an April 2019 drug-related arrest as required by company policy. During her interview, the former employee acknowledged her arrest and admitted that she failed to report it to the company.

As required by FISMA, OIG reviewed USDA’s ongoing efforts to improve its information technology security program and practices during FY 2021.

Our objective was to determine whether the U.S. Department of Education’s (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements.The Department made several improvements in implementing its cybersecurity posture. In FY21 the Department improved in three functional areas and three metric areas from Level 2 Defined to Level 3 Consistently Implemented.However, its overall IT security programs and practices were not effective in all the five security functions. We had findings in four of the nine metric domains, which included findings with the same or similar conditions identified in prior reports, as well as open findings from previous years where the corrective action plan was not completed.Although the Department made considerable progress in strengthening its information security programs, we found areas needing improvement in all nine metric domains.