Federal Reports

The OIG investigated anonymous allegations that a Bureau of Indian Affairs (BIA) employee and another individual engaged in inappropriate behavior with two minors under their care. We conducted this investigation with assistance from the Federal Bureau of Investigation. Our investigation found insufficient evidence to prove or disprove the allegations. We coordinated our investigation with the responsible U.S. Attorney’s Office.

The OIG investigated allegations that National Park Service (NPS) employee Stephanie Wallace used another NPS employee’s Government purchase card to make personal purchases. We found that Wallace used the employee’s purchase card to pay for her children’s private school tuition.Wallace pleaded guilty to theft of Government property. She was sentenced to 5 days of home detention and a probationary term of 1 year, and she was ordered to pay restitution totaling $8,328.24.

The Office of Refugee Resettlement (ORR), a program office of the Administration for Children and Families (ACF) within HHS, manages the Unaccompanied Alien Children Program. ORR funds a network of about 195 facilities. ORR also operates influx care facilities to provide temporary emergency shelter and services for children. ORR contracted with Comprehensive Health Service, LLC (CHS), a medical management services provider, to operate a temporary influx care facility located in Homestead, Florida. Some members of Congress have expressed concerns about ORR’s awarding of a $341 million sole source contract to CHS.

The information security program of the Corporation for National and Community Service, now called AmeriCorps, remains Not Effective and has shown little progress over the past four years. While AmeriCorps has demonstrated some improvement on configuration management, key areas of organization-wide risk management strategy, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management have remained stagnant at a low level of maturity. AmeriCorps continues to suffer a significant number of critical and high-risk vulnerabilities, which were not mitigated within the prescribed deadlines commensurate with their importance. Nor has AmeriCorps made significant progress in closing prior recommendations. Since last year, only eleven of the 58 open recommendations from the FY 2014 – FY 2019 FISMA evaluations have been resolved, yielding limited improvements in FISMA metric results. An inability to address critical deficiencies leaves AmeriCorps systems and data vulnerable to data breaches, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers nine recommendations (eight new and one modified repeat), which, together with the prior year recommendations, will assist AmeriCorps in addressing challenges in the development of a mature and effective information security program. AmeriCorps has committed to implementing corrective actions to our recommendations.