Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
National Security Agency
Audit of the Agency’s Parking and Transportation Initiatives
The Audit of the Agency’s Parking and Transportation Initiatives found that the NSA Washington (NSAW) had not identified parking as a priority at its Fort Meade, Md., location and failed to implement solutions to minimize an ongoing parking shortage. The report recounted how, for decades, NSAW employees have expressed concerns about parking. Nevertheless, the OIG found that the agency’s parking and transportation initiatives lacked sufficient goals, plans, and strategies, and that those initiatives had basic internal control deficiencies such as the lack of a consistent process for developing, approving, and implementing initiatives. This resulted in projects being demolished, inoperable, or only partially implemented, limiting or eliminating their value to the agency and negatively affecting employee morale.
The OIG’s Audit of Cost-Reimbursement Contracts revealed several deficiencies that had the potential to impact the agency’s ability to determine whether cost-reimbursement contract costs are allowable, allocable, and reasonable through the performance of due diligence regarding invoice review. The OIG found ineffective and inefficient processes by the Contracting Officer Representatives, non-compliance with contract clauses, and insufficient billing documentation. The OIG questioned approximately $227 million in labor charges and more than $226,000 in travel charges.
The objective of the performance audit was to determine whether the Social Security Administration’s (SSA) overall information security program and practices were effective and consistent with Federal Information Security Modernization Act of 2014 (FISMA) requirements, as defined by the Department of Homeland Security (DHS).
INFORMATION TECHNOLOGY: The Gulf Coast Ecosystem Restoration Council Federal Information Security Modernization Act of 2014 Evaluation Report for Fiscal Year 2021
What We Looked At
The Federal Motor Carrier Safety Administration (FMCSA) regulates and oversees the safety of commercial motor vehicles. It partners with other agencies and the motor carrier industry to conduct this work. The Agency uses 13 web-based applications to aid vehicle registration, inspections, and other activities. Many of FMCSA’s information systems contain sensitive data, including personally identifiable information (PII). Due to the importance of FMCSA’s programs to the transportation system and sensitivity of some Agency information, we conducted this audit of FMCSA’s information technology (IT) infrastructure. Our objective was to determine whether FMCSA’s IT infrastructure contains security weaknesses that could compromise the Agency’s systems and data.
What We Found
We found vulnerabilities in several Agency web servers that allowed us to gain unauthorized access to FMCSA’s network. FMCSA did not detect our access or placement of malware on the network in part because it did not use required automated detection tools and malicious code protections. We also gained access to 13.6 million unencrypted PII records. Had malicious hackers obtained this PII, it could have cost FMCSA up to $570 million in credit monitoring fees. Furthermore, the Agency does not always remediate vulnerabilities as quickly as DOT policy requires. These weaknesses put FMCSA’s network and data at risk for unauthorized access and compromise.
Our Recommendations
FMCSA concurred with our 13 recommendations. We consider all 13 recommendations resolved but open pending FMCSA’s completion of planned actions. Sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552, has been redacted and we have marked the document as FOR OFFICIAL USE ONLY.