An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of the Interior
Flash Report: Orphaned Wells Programs – Breaking Down Responsibilities for Addressing Orphaned Wells
The U.S. Postal Service holds its cash in the Postal Service Fund with the Federal Reserve Bank of New York and, traditionally, has invested its excess cash in highly liquid, overnight investments (Overnight Treasuries) issued by the U.S. Department of Treasury (Treasury), where interest rate changes are more pronounced than in longer-term investments. Postal Service cash has grown from $2.3 billion in fiscal year (FY) 2013 to $19.6 billion at year-end FY 2022.
Independent Attestation Review: Food and Drug Administration Fiscal Year 2022 Detailed Accounting Submission and Budget Formulation Compliance Report for National Drug Control Activities, and Accompanying Required Assertions
Independent Attestation Review: Centers for Disease Control and Prevention Fiscal Year 2022 Detailed Accounting Submission and Budget Formulation Compliance Report for National Drug Control Activities, and Accompanying Required Assertions
Independent Attestation Review: National Institutes of Health Fiscal Year 2022 Detailed Accounting Submission and Budget Formulation Compliance Report for National Drug Control Activities, and Accompanying Required Assertions
The VA Office of Inspector General (OIG) conducts information security inspections to assess whether VA facilities are meeting federal security requirements. These inspections focus on four security control areas that apply to local facilities and have been selected based on their levels of risk: configuration management, contingency planning, security management, and access controls. During this inspection, the OIG found deficiencies with configuration management, security management, and access controls.Configuration management controls were deficient in vulnerability remediation, the process to identify, classify, and fix weaknesses. Without an effective vulnerability management program, opportunities for exploitation increase.The security management control deficiency was in system security planning, which is needed for authorizing a system to operate. Without a system security plan or an authorization to operate, and without requiring contractors to adhere to federal and VA security requirements, the facility cannot be sure that security controls will be implemented as required.The security management deficiencies were in network segmentation, physical access, environmental, audit and monitoring, and records management controls. Without these safeguards, breaches are more likely to occur and harder to detect, and assets are at risk of accidental or intentional destruction.The assistant secretary for information and technology and chief information officer concurred with all but one of the OIG’s nine recommendations. Regarding his nonconcurrence, the assistant secretary reported that the devices identified by the OIG as lacking required isolation—the finding that resulted in recommendation 4—do not meet the definition for devices subject to this requirement. However, these devices were identified by the facility as containing medical systems and therefore, per VA policy, fall under the medical device isolation architecture guidance. The OIG thus stands by its recommendation.
