Federal Reports

April 2022 Semiannual Report to Congress

Inspector General Semiannual Report

The United States Capitol Police (USCP or the Department) Training Services Bureau (TSB) is one of eleven organizational units reporting to the Chief Administrative Officer (CAO). TSB is responsible for preparing Department employees to act decisively and correctly in a broad spectrum of situations, for improving overall productivity and effectiveness, and for fostering cooperation and unity of purpose.

In accordance with our Annual Performance Plan Fiscal Year 2022, the Office of Inspector General (OIG) conducted a review of TSB.  Our objective was to determine if (1) the Department’s organizational structure and processes for its training program were the most efficient and effective and (2) the department complied with selected policies, procedures, applicable laws, regulations, guidance, and best practices.  Our scope included the TSB organizational structure, processes, and operations.

The Federal Information Security Management Act requires the information security program of every agency to be evaluated each year. In FY 2021, SBA faced new information security challenges under the weight of lending huge amounts during the pandemic. In 2021, the agency had to deal with months of continued issues caused by the unprecedented volume of loan and grant applications spurred by the Coronavirus Aid, Relief, and Economic Security Act and other pandemic relief laws. We tested a subset of systems in nine areas, called “domains,” and evaluated them using guidance for FISMA metrics. Inspectors General are required to assess the effectiveness of information security programs on a maturity model spectrum.We rated SBA’s overall program of information security as ”not effective” because SBA only achieved a maturity level rating of “managed and measurable” in one of the nine domains.Based on tests of the eight information systems, we determined the results of each domain as follows:1. Risk Management — Defined2. Supply Chain Risk Management — Ad Hoc3. Configuration Management—Defined4. Identity and Access Management — Consistently Implemented5. Data Protection and Privacy — Consistently Implemented6. Security Training — Defined7. Information Security Continuous Monitoring — Defined8. Incident Response — Managed and Measurable9. Contingency Planning — Consistently Implemented.We made 10 recommendations in five of the domains: three recommendations in risk management, three recommendations for configuration management, two for identity and access management, one recommendation for security training, and one for information security continuous monitoring. SBA management agreed with the recommendations in this report.

A new white paper from the U.S. Postal Service Office of Inspector General (OIG) assessed changes in the geographic distribution of collection points and retail sites, and the extent to which these changes display patterns that may have disproportionately affected populations in locations with specific racial, ethnic, and income characteristics. The OIG also identified demographic trends in service performance scores and the volume of negative customer feedback across the U.S. USPS is not required to consider a community’s demographic characteristics — such as race, ethnicity, and income — when implementing changes to mail access or evaluating service quality. However, if the Postal Service considered demographic data, management would be better informed about the potential unintended consequences of their decisions.