Federal Reports

Without timely tracking and remediation of known vulnerabilities, the Agency risks compromising the confidentiality, integrity, and availability of environmental and radiation data used for determining responses to national incidents and safeguarding first responder personnel.

In July 2022, we conducted unannounced inspections of U.S. Customs and Border Protection (CBP) facilities in the Yuma and Tucson areas of Arizona, specifically five U.S. Border Patrol facilities and two Office of Field Operations (OFO) ports of entry (POE).

As part of our annual audit planning, we completed a threat assessment to identify high risk cybersecurity threats that could potentially impact Tennessee Valley Authority (TVA). We determined the potential impact for system intrusion through misconfigurations or unpatched systems to be high. Therefore, we included an audit of TVA Transmission Operations and Power Supply (TOPS) organization’s management of Mac® desktops and laptops as part of our 2022 audit plan. In summary, we determined MacBooks® managed by TOPS followed TVA’s configuration management policy. However, we determined 3 of 15 MacBooks® did not follow TVA policy for patch management. Specifically, one MacBook® was obsolete, and two had inconsistent patching history. In addition, we identified a gap between TVA policy and a TOPS patch management work instruction. TVA management agreed with our findings and took action to (1) surplus one MacBook® we identified as obsolete and (2) update the TOPS work instruction to align with TVA policy.

Our objective was to determine if the Postal Service has effective controls for maintaining accurate and complete data in CAMS; if there are manual controls within CAMS that can be automated; and if there are data options within CAMS that are not being utilized effectively.