Management Advisory Report: Cybersecurity Breaches Highlight a Need for Improvement in Peace Corps’ Incident Response (IG-24-01-SR)

View Report

Date Issued

Tuesday, December 19, 2023

Submitting OIG

Peace Corps OIG

Other Participating OIGs

Peace Corps OIG

Agencies Reviewed/Investigated

Peace Corps

Components

Agency-wide

Report Description

The purpose of this report is to bring to your attention needed improvements that the Office of Inspector General (OIG) identified while reviewing Peace Corps’ response process for cybersecurity incidents and its adherence to Federal and agency requirements. We reviewed the agency’s actions taken during three separate cybersecurity incidents from June 2022 through July 2023.

Report Type

Other

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2	No	$0	$0
Office of the Chief Information Officer implement adequate data logging in compliance with applicable NIST guidance.
4	No	$0	$0
Office of Chief Information Officer implements and updates the agency’s cybersecurity incident response plan to align with Manual Section 899 to include the Office of Inspector General and other required offices in breach notifications.
7	No	$0	$0
Office of Chief Information Officer ensures that the Peace Corps network is continuously monitored to mitigate the risk of cyberthreats.