Open Recommendations

Develop qualitative and quantitative performance measures to evaluate the effectiveness of the following: Configuration management plan and change control activities; Data exfiltration and enhanced network defenses; Data breach response plan; Privacy awareness training program; Incident response capability; ISCM policies, strategy, and processes; Incident detection, analysis, handling, and response activities; Information system contingency plans. For all performance measures, ensure that supporting data is obtained accurately, consistently, and in a reproducible format.

Obtain access to the appropriate subject matter experts or training to assist with the implementation of secure configuration settings for its information systems.

Implement the logging requirements outlined within OMB's M-21-31.

Create uniform guidance or policy, providing comprehensive instructions on how to properly process this cyclical workload, possibly using the different training guides already developed by the Social Security Administration.

Re-evaluate this workload with the Centers for Medicare & Medicaid Services (CMS) to determine whether the current process can be improved based on the changes in technology and CMS capabilities.

Establish internal controls to help ensure the healthcare system submits national contract requests for waiver and justifications prior to purchasing available product list items from nonmandatory procurement instruments.

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Office of Management Strategy and Solutions and the Bureau of Diplomatic Technology, (a) conduct a review to determine whether its Office of the Geographer and Global Issues is best positioned to implement compliance with the Geospatial Data Act of 2018, and (b) develop and implement a plan to address the results of the review.

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Office of the Legal Advisor, the Office of Management Strategy and Solutions, and the Bureau of Diplomatic Technology, (a) determine what qualifies as geospatial data for purposes of compliance with the Geospatial Data Act of 2018, Section 759(a), codified at 43 United States Code 2808(a), and (b) formally communicate the determination to affected geospatial data stakeholders.

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Office of Management Strategy and Solutions and the Bureau of Diplomatic Technology, develop and implement a strategy to maintain an inventory of all Department of State geospatial data as prescribed by the Geospatial Data Act of 2018, Section 759(b)(2)(B), codified at 43 United States Code 2808(b)(2)(B), after a determination is made regarding what qualifies as geospatial data, as mentioned in Recommendation 2.

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Office of Management Strategy and Solutions and the Bureau of Diplomatic Technology, develop written policies, procedures, and guidance that can be used to implement requirements 2 through 12 of the Geospatial Data Act of 2018, Section 759(a), codified at 43 United States Code 2808(a).

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Office of Management Strategy and Solutions and the Bureau of Diplomatic Technology, formally define and communicate areas of authority, roles, and responsibilities in the Geospatial Data Strategy for personnel responsible for carrying out compliance with the Geospatial Data Act of 2018.

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Bureau of Budget and Planning, the Office of Management Strategy and Solutions, and the Bureau of Diplomatic Technology, develop and implement a comprehensive, long-term funding plan and include geospatial data when preparing its budget submission as prescribed by the Geospatial Data Act of 2018, Section 759(b)(2)(A), codified at 43 United States Code 2808(b)(2)(A).

OIG recommends that the Bureau of Intelligence and Research, in coordination with the Bureau of Administration, the Office of Management Strategy and Solutions, and the Bureau of Diplomatic Technology, (a) review current records schedules to determine whether data information products and other records created in geospatial data and activities are included on agency record schedules that have been approved by the National Archives and Records Administration as prescribed by the Geospatial Data Act of 2018, Section 759(a)(4), codified at 43 United States Code 2808(a)(4), and (b) update the records schedules as necessary to include geospatial data and activities.

Develop and implement a method to monitor FBI employees' compliance with mandatory reporting of suspected child abuse for an appropriate amount of time following the implementation of its updated policy and take appropriate remedial action in instances of non-compliance.

Develop an enterprise-wide strategy that addresses the rising number of crimes against children and human trafficking (CAC/HT) cases and ensures CAC/HT agents have appropriate support and resources to manage their assigned caseloads.

Implement a comprehensive training program specific to the CAC/HT program for both current and future agents, task force officers, and other FBI employees assigned to this program.

Implement sufficient controls to ensure all incidents involving an imminent or ongoing threat of sexual and/or physical abuse or exploitation of a child or adult are handled within 24 hours as required.

Implement sufficient controls to ensure FBI employees responsible for notifying victims and providing victim services become aware of all eligible federal crime victims, notify and offer services to these victims, and document victim notifications and services offered to victims in the investigative case file.

Enhance its monitoring of leads to ensure that leads are covered timely and appropriately.

We recommend the Massachusetts Executive Office of Health & Human Services follow up with the OTP providers to correct the three services that were not supported by the medical records.

We recommend the Massachusetts Executive Office of Health & Human Services review its procedures designed to prevent OTP noncompliance with Federal and State requirements and make changes to improve documentation of counseling and more timely review of OTP treatment plans.

Chief Information Officer develop and implement procedures to assess whether reinvestigations are performed timely for individuals who possess critical-sensitive/high-risk roles that require system access.

Chief Information Officer develop and implement policies and procedures to obtain feedback on the agency's specialized security training, update the training program, and request that third-party providers update their training content, as appropriate, to keep current with security practices.

To address these shortcomings, we recommend that USADF:
Update its training within 30 days of USAID OIG publishing this advisory to incorporate information on USAID OIG oversight authorities and procedures for disclosing allegations of fraud, waste, abuse, or mismanagement, and develop and implement a plan to provide the updated training to all USADF staff.

To address these shortcomings, we recommend that USADF:
Develop and implement a plan within 90 days of USAID OIG publishing this advisory to schedule fraud awareness briefings with USAID OIG's Office of Investigations for all USADF staff.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

This recommendation contains sensitive information that should not be made public. Therefore, we are not including the wording for this recommendation.

We recommend that the Director of FSEM update OPM's Personal Property Management Policies and Procedures manual. The updated manual should meet all GSA standards and document a formal governance structure for OPM's Personal Property Management Process that clearly assigns responsibilities and delegates authority to all involved in the process.

We recommend that the Director of FSEM conduct an agency-wide inventory.

We recommend that OPM implement an agency-wide personal property system of record.

The VA North Florida/South Georgia Health System Director ensures that providers document their rationales for initiating involuntary examinations under the Baker Act within a patients electronic health record and monitors compliance.

We recommend that the South Carolina Department of Health and Human Services ensure that all physician-administered drugs eligible for rebates after our audit period are processed for rebates.

(U) Rec. 1.a: The DoD OIG recommended that the Assistant Secretary of the Air Force (Space Acquisition and Integration) conduct an analysis of the potential costs and performance benefits of modernizing the Upgraded Early Warning Radar.

(U) Rec. 1.b: The DoD OIG recommended that the Assistant Secretary of the Air Force (Space Acquisition and Integration), using the analysis of the potential costs and performance benefits of modernizing the Upgraded Early Warning Radar, develop a plan of action with milestones to execute the sustainment and modernization needed to maintain mission readiness.

We recommend that DOT determine the allowability of the questioned transactions and recover $919,266, if applicable.

We recommend that DOT work with FTA to determine the allowability of the questioned tribal transactions and recover $116,487, if applicable.

We recommend that the New Mexico Human Services Department work with the MCOs todevelop procedures to monitor PCS provider compliance with attendant qualifications, including those related to criminal background checks, abuse registry checks, TB tests, initial written competency tests, annual training, and CPR and first aid certifications; educate providers more frequently through methods such as guidance letters or webinars to increase PCS providers' understanding of attendant qualification requirements; and take corrective action against providers that do not ensure that attendants comply with qualification requirements, which could include removing providers that repeatedly fail to comply with the State's PCS program.

We recommend that the New Mexico Human Services Department share the results of our audit report with PCS providers statewide to emphasize the importance of attendants meeting qualification requirements and clarify the oversight provisions in its contracts with MCOs to require MCOs to monitor PCS providers' compliance with attendant qualification requirements and report monitoring results to the State agency.

We recommend that the Utah Department of Health and Human Services coordinate with DWS to provide periodic training to caseworkers that focuses on verifying and documenting information used and steps performed during the eligibility renewal process, including: (1) verifying income and assets, (2) verifying residency/contact information, and (3) correctly executing case review and reporting.

Rec. A.1.b: The DoD OIG recommended that the Commander, Air Force Materiel Command update Air Force Technical Order 00-35D-54, "USAF Deficiency Reporting, Investigation, and Resolution (DRI&R),"August 15, 2022, to provide details on the process for obtaining restitution from contractors that provide defective parts. The guidance should identify key roles and responsibilities and require the involvement of the responsible contracting officer in the process. The guidance should also require personnel to preserve an audit trail to support the receipt of restitution and specify the type of documentation needed. Upon completion of the updates, establish a program to provide recurring training to…

Rec. A.1.c: The DoD OIG recommended that the Commander, Air Force Materiel Command develop and implement controls and oversight to ensure tracking of contractor restitution from the completion of the investigation of the report on deficiencies in product quality through the receipt of restitution.

Rec. B.1.a: The DoD OIG recommended that the Commander, Air Force Materiel Command require C-130J aircraft deficiency reporting personnel to establish a process to track defective C-130J aircraft parts to ensure that the parts are shipped to the contractor and repaired or replaced under warranty. Also, comment on the $3 million in questioned costs related to defective parts the Air Force was unable to recover and $200,000 in questioned costs the Air Force incurred to repair defective parts under warranty. If the Commander disagrees with the questioned costs, identify the amount and the reason.

Ensure lessons learned from the ML-2’s acquisition, contract, and project management are codified to inform future development efforts

Conduct a thorough analysis of the feasibility of utilizing the fixed-price option, and if NASA determines that it will not be exercised, remove the option from the ML-2 contract

3. We recommend that the NOAA Administrator direct the NOAA Deputy Undersecretary of Operations to ensure NESDIS delivers official requirements to OCS for development of the NCCF.

9. We recommend that the NOAA Administrator direct the NOAA Deputy Undersecretary of Operations to ensure NESDIS migrates the NCCF cloud system to a FedRAMP approved high-impact cloud platform or provides the equivalent protection.

10. We recommend that the NOAA Administrator direct the NOAA Deputy Undersecretary of Operations to ensure NESDIS revises NCCF security documents to ensure security controls align with the high-impact security requirements.

EXIM’s Office of Policy Analysis and International Relations should consider conducting a study with existing EEP exporters, to identify the key factors resulting in the decision to utilize EXIM for financing the EEP export. These key factors should then be assessed for potential inclusion into future outreach efforts with potential U.S. exporters to expand EEP transaction opportunities.