Open Recommendations

Implement a single Software Asset Management tool across the Agency.

Centralize software spending insights to include purchase cards.

We recommend the DHS Chief Information Officer develop and execute a separate plan for implementing DHS’ geospatial data strategy or ensure the implementation plan developed for the Department’s Evidence-Based Data Strategy fully considers geospatial data and is consistent with the Geospatial Data Act of 2018.

We recommend the DHS Chief Information Officer pursue a legislative approach, concurrent with existing administrative efforts, for determining how DHS handles, secures, and shares sensitive-but unclassified geospatial data. As appropriate, the effort should be conducted in coordination with internal DHS stakeholders and in combination with any similar efforts undertaken by other agencies.

We recommend the DHS Chief Information Officer confirm that all the platforms on which DHS shares geospatial data are following appropriate geospatial metadata standards.

Improve the coordination and procedures for the NSF offices involved in the Intergovernmental Personnel Act assignee vetting process to ensure issues identified during the process are elevated to an appropriate office or position for resolution.

Strengthen the vetting process for Intergovernmental Personnel Act assignees to address foreign influence-related issues.

We recommend that the Assistant Secretary for Export Enforcement implement policies and procedures to monitor and track firearm qualifications and training, which includes centralized monitoring by those responsible for ensuring compliance with requirements.

We recommend that the DHS Chief Security Officer clarify policies and procedures to require managers to notify security officials to revoke personal identity verification cards and withdraw security clearances within a specific timeframe after individuals separate from DHS.

We recommend that the DHS Chief Security Officer strengthen internal processes to ensure accountability and oversight for all personal identity verification cards that are collected and destroyed when individuals separate from DHS.

We recommend that the DHS Chief Security Officer implement additional controls to ensure personal identity verification card revocation and card destruction are completed and recorded when individuals separate from DHS.

We recommend that the DHS Chief Security Officer implement controls to ensure DHS officials record security clearance withdrawal dates in the Integrated Security Management System when individuals separate from DHS.

We recommend that the DHS Chief Security Officer develop and implement a solution to verify and validate the personal identity verification card access termination process across the Department and a mechanism to monitor its effectiveness.

We recommend that the DHS Chief Security Officer develop and implement a solution to verify and validate the security clearance withdrawal process across DHS and a mechanism to monitor its effectiveness.

We recommend the U.S. Customs and Border Protection, Office of Field Operations, Executive Assistant Commissioner take immediate action to ensure the Blaine Command Center is connected to adequate emergency back-up power. To accomplish this, CBP should work closely with the U.S. General Services Administration to determine the most efficient and effective method for connecting the Blaine Command Center to adequate emergency back-up power.

We recommend the U.S. Customs and Border Protection, Office of Field Operations, Executive Assistant Commissioner take immediate action to ensure video surveillance camera equipment at the Pacific Highway and Peace Arch land ports of entry is connected to adequate emergency backup power. As part of U.S. Customs and Border Protection’s corrective action plan, it should consider assessing its operational areas at the Pacific Highway and Peace Arch land ports of entry to determine any additional equipment requiring connection to adequate emergency back-up power.

We recommend the U.S. Customs and Border Protection, Office of Field Operations, Executive Assistant Commissioner: conduct assessments at its land ports of entry to identify video surveillance camera equipment not connected to adequate emergency back-up power as required; and develop and implement a strategy to fund and timely resolve issues identified during the assessment of land ports of entry.

We recommend that the Department prioritize implementing PIV or other Department-approved MFA methods that cannot be bypassed to allow single-factor authentication for all applications, starting with the Department's HVAs.

We recommend that the Department prioritize the inventory, monitoring, and enforcement of existing controls as well as the controls we recommended in this report for accounts belonging to senior Government employees or accounts with elevated privileges.

We recommend that the Department establish procedures and accountability mechanisms to ensure compliance with policies regarding account management monitoring and timely disabling of inactive accounts.

Ensures the Chief Information Officer plans, conducts, and reports on a full failover test of the NCUA’s IT network to identify and correct any identified weaknesses.

We recommend that the BIA resolve the unreasonable hazard pay costs of $29,574 by requiring the Omaha Tribe to perform an analysis of the costs incurred to applicable criteria and document its determination of reasonableness.

We recommend that the BIA resolve the questioned hazard pay costs of $27,841 for Payment 1 by requiring the Omaha Tribe to provide detailed reconciliation of incurred costs to supporting documentation.

We recommend that the BIA resolve the questioned costs of $182,388 for Payment 2 by requiring the Omaha Tribe to provide detailed complete supporting documentation for the hazard pay and indirect costs.

We recommend that the BIA review the Omaha Tribe's revised policy regarding the custody of checks and document that proper controls have been implemented.