Skip to main content
Report File
Date Issued
Submitting OIG
Department of the Interior OIG
Other Participating OIGs
Department of the Interior OIG
Agencies Reviewed/Investigated
Department of the Interior
Components
Departmentwide
Report Number
2022-ITA-025
Report Description

We found weaknesses in DOI’s cyber risk management and governance could cause mission disruptions, compromised data, and misuse of public funds.

Report Type
Inspection / Evaluation
Agency Wide
Yes
Number of Recommendations
10
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 4 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
2022-ITA-025-01 Yes $0 $0

We recommend that the Office of the Chief Information Officer extend the capability of its data loss prevention solution to include rule-based analysis to detect and prevent the exfiltration of sensitive data from the subject system in accordance with industry best practices.

2022-ITA-025-02 Yes $0 $0

We recommend that the Office of the Chief Information Officer regularly test the Department's data loss prevention capability to ensure that sensitive data in the subject system is protected against data exfiltration attempts.

2022-ITA-025-03 No $0 $0

We recommend that the Office of the Chief Information Officer evaluate data communication protocols in use by the subject system that are vulnerable to exploitation and implement controls to mitigate identified vulnerabilities.

2022-ITA-025-10 No $0 $0

We recommend that the Office of the Chief Information Officer ensure all existing non-Foundation Cloud Hosting Services contracts are migrated to an approved enterprisewide cloud-hosting procurement or modified to incorporate OCIO requirements and best practices for procuring cloud services, as recommended by the Chief Acquisition Officer and Chief Information Officer Councils and OCIO policy.

Department of the Interior OIG

United States