Federal Reports

The VA Office of Inspector General (OIG) conducts information technology (IT) inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the Alexandria VA Medical Center (VAMC) in Louisiana because it had not been previously visited as part of the annual FISMA audit.The OIG inspections are focused on four security control areas that apply to local facilities and have been selected based on their levels of risk: configuration management, contingency planning, security management, and access controls. The OIG found deficiencies with configuration management, security management, and access controls, but not with contingency planning controls.The deficiencies in configuration management included inaccurate inventories, uninstalled patches, and out-of-date operating systems, all of which deprive users of reliable access to information and could risk unauthorized access to, or the alteration or destruction of, critical systems. The team identified a security management issue in the center’s video surveillance system that could impact the integrity and protection of that system. Weak physical access controls, such as incorrectly installed or failing equipment, compromised the security and maintenance of the information system, and an outdated operating system prevented accurate tracking of access to the data center.The OIG made six recommendations to the assistant secretary for information and technology and chief information officer to improve controls at the Alexandria VAMC because they are related to enterprise-wide information technology security issues similar to those identified on previous FISMA audits and IT security reviews. The OIG also made two recommendations to the Alexandria VAMC director.

This report presents a summary of the results of our self-initiated audits assessing the efficiency of selected processes at three selected retail units in the Georgia District (Project Number 22-125). These retail units include the Atlanta, GA Main Post Office (MPO), the Marietta, GA MPO, and the Stone Mountain, GA Post Office (PO) in the Southern Area. We previously issued interim reports to district management for each of these retail units regarding the conditions we identified.

This interim report presents the results of our self-initiated audit of the efficiency of selected processes at the Bon Air Branch, Richmond, VA (Project Number 22-141-1). This audit was designed to provide U.S. Postal Service management with timely information on potential financial control risks at Postal Service locations. The Bon Air Branch is in the Virginia District of the Atlantic Area. We judgmentally selected the Bon Air Branch for our audit.

Final results of the FTC OIG’s survey of contracting officer’s representatives (CORs)

Objective: To review the Social Security Administration’s (SSA) efforts to implement new incoming data exchanges to reduce its reliance on beneficiaries’ self-reporting information that could affect their eligibility and payment amounts.