Audits, Inspections, and Evaluations

Report Number Title Issue Date Fiscal Year
OIG-18-10 The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations.

>Biennial Report on DHS’ Implementation of the Cybersecurity Act of 2015
2018
OIG-18-11 Department leadership must commit itself to ensuring DHS operates more as a single entity, rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity. We have seen little evidence of proactive effort by leadership to view the organization holistically, to forcefully communicate the need for cooperation among components, and to establish programs or policies that ensure unity, even though such effort is a necessary precondition to unified action.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2018
OIG-18-16 Independent Auditors' Report on DHS' FY 2017 Financial Statements and Internal Control over Financial Reporting 2018
OIG-18-24 Although DHS reported using its Other Transaction Authority to work with non-traditional contractors, DHS did not always follow statutory requirements when entering, modifying, and overseeing its agreements. Inadequate internal policies contributed to DHS falling short of meeting all statutory requirements for using OTAs. In addition, DHS acquisition policy staff reported that competing priorities prevented timely reporting to Congress. As a result, DHS may have taken on more risks and costs than necessary and impeded Congress’ ability to oversee DHS’ use of OTAs.

>Department of Homeland Security's Use of Other Transaction Authority
2018
OIG-18-34 The DATA Act required the OIG to review a statistically valid sample of DHS’ fiscal year 2017, 2nd quarter spending data posted on USASpending.gov and to submit to Congress a report assessing the data’s completeness, timeliness, quality, and accuracy; and DHS’ implementation and use of Government-wide financial data standards. The Digital Accountability and Transparency Act of 2014 (DATA Act) required DHS to submit, by May 2017, complete, accurate, and timely spending data to the Department of the Treasury (Treasury) for publication on USASpending.gov beginning with the 2nd quarter of FY 2017. DHS successfully certified and submitted its FY 2017/Q2 spending data for posting on USASpending.gov in April 2017. Although DHS met the DATA Act’s mandated submission deadline, we identified issues concerning the completeness and accuracy of its first data submission that hinder the quality and usefulness of the information.

>DHS' Implementation of the DATA Act
2018
OIG-18-41 DHS Needs to Strengthen Its Suspension and Debarment Program 2018
OIG-18-52 In light of the heightened public and congressional interest in the misuse of government-owned, government-leased, and chartered aircraft, the Department of Homeland Security (DHS) Office of Inspector General (OIG) conducted a special review of the use of government aircraft by the heads of the Department and several of DHS’s operational components. DHS OIG’s review also included a review of other-than-coach-class travel by this same group of senior officials. We determined that each instance of the use of government aircraft by DHS’s senior leaders during the time period of our review generally complied with relevant laws, rules, regulations, policies, and guidance.

With respect to DHS senior leaders’ other-than-coach-class (OTCC) commercial air travel over the same time period, we determined that such travel generally qualified as allowable premium travel. We could not definitively determine, however, whether one trip taken by a former Deputy Secretary met all of the Department’s criteria for allowable OTCC travel. We also identified two specific instances of non-compliance with the Department’s internal request and approval processes for such travel; however, the related travel was properly justified, and the process deviations were quickly identified and corrected by the Department.

>Special Review: DHS Executive Travel Review
2018
OIG-18-55 Department of Homeland Security (DHS) Under Secretary for Intelligence and Analysis (USIA) David J. Glawe used a personal email account to send an invitation to his ceremonial swearing-in event to staff members of the United States Senate Committee on Homeland Security and Governmental Affairs. Because the invitation came from a non-DHS email account and resembled a phishing email, Senator Claire McCaskill asked the DHS Office of Inspector General to review the circumstances surrounding the invitation.

>Special Review: Swearing-In Ceremony of David J. Glawe, DHS Under Secretary for Intelligence and Analysis
2018
OIG-18-56 We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017.

>Evaluation of DHS' Information Security Program for Fiscal Year 2017
2018
OIG-18-57 The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment and periodic audits on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security implemented internal controls to prevent illegal, improper, and erroneous purchases and payments. During fiscal year 2016, DHS reported spending approximately $1.2 billion in purchase, travel, and fleet card transactions. Although the Department has established internal controls for its charge card programs, the components we reviewed did not always follow DHS’ procedures. Our testing results of purchase, travel, and fleet card transactions revealed internal control weaknesses. Specifically, we found major internal control weaknesses that persisted at the United States Coast Guard and some control weaknesses within CBP’s Fleet Card Program.

>Fiscal Year 2016 Audit of the DHS Bankcard Program Indicates Moderate Risk Remains
2018
OIG-18-59 Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

>Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems
2018
OIG-18-69 Since FY 2014, DHS improved conference spending reporting and implemented policies and procedures to ensure proper oversight and accurate and timely reporting. However, we found instances where DHS did not comply with annual conference reporting requirements. The Department failed to report two conferences costing more than $100,000 each. The Department also did not always report all hosted conferences costing more than $20,000 to OIG within 15 days of the conclusion of each conference. In addition, the Department did not always properly record actual costs accurately and within 45 days of the conclusion of each conference. Although DHS did not always comply with reporting requirements, in most cases, its FY 2016 conference expenses appeared appropriate, reasonable, and necessary.

>Audit of Department of Homeland Security's Fiscal Year 2016 Conference Spending
2018
OIG-18-72 DHS did not comply with IPERA because it did not meet one of the six IPERA requirements. Specifically, DHS did not meet its annual reduction targets for 2 of 14 programs. Additionally, we determined that DHS did not provide adequate oversight of the component’s improper testing and reporting.

>Department of Homeland Security's FY 2017 Compliance with the Improper Payments Elimination and Recovery Act of 2010
2018
OIG-18-73 Not all forms DHS and its components use to create NDAs include the required WPEA statement. Further, although many of the settlement agreement templates and settlement agreements in the sample we reviewed included provisions that might restrict or prevent disclosure of information, nearly three-fourths of these documents did not contain the WPEA statement. Omitting the statement in NDAs and personnel settlement agreements could lead to confusion about what information may be disclosed to permissible recipients, which could deter reporting of fraud, waste, or abuse and impede DHS Office of Inspector General (OIG) activities.

>DHS' Non-disclosure Forms and Settlement Agreements Do Not Always Include the Required Statement from the Whistleblower Protection Enhancement Act of 2012
2018
OIG-18-81 DHS support components do not have sufficient processes and procedures to address misconduct. Support Components provide resources, analysis, equipment, research, policy development, and other specific assistance to operational components. These deficiencies exist because no single office or entity is responsible for managing and overseeing misconduct issues across support components. According to Government Accountability Office (GAO) guidance, it is important for agencies to establish organizational structure, assign responsibility, and delegate authority, so they can achieve their objectives. Support components need to improve their processes and procedures for addressing misconduct. Specifically, support components do not maintain comprehensive data about misconduct allegations; refer misconduct allegations consistently to OIG; provide guidance for supervisors and investigators on handling misconduct; and manage misconduct allegations effectively.

>DHS Support Components Do Not Have Sufficient Processes and Procedures to Address Misconduct
2018
OIG-18-82 Department of Homeland Security shall submit a report not later than October 15, 2017, to the DHS Office of Inspector General listing all grants and contracts awarded by other than full and open competition (OTFOC) during fiscal years 2016 and 2017. We contracted with Williams, Adley & Company-DC, LLC to review the OTFOC report and assess DHS compliance with applicable laws, regulations, and departmental procedures. Williams Adley concluded that DHS complied with applicable statutes, regulations, and policies governing grants and contracts awarded by OTFOC in FY 2017. During that year, DHS awarded 62 noncompetitive grants worth about $140 million and 121 noncompetitive contracts worth about $118 million through OTFOC. The independent auditors determined that DHS’ Report on OTFOC for FY 2017 as well as the information related to these grants and contracts in the Federal Procurement Data System – Next Generation and USASpending.gov were accurate. The auditors also found that DHS followed written policies and procedures and the requirements of the Federal Funding Accountability and Transparency Act of 2006 when awarding grants and contracts noncompetitively.

>DHS Grants and Contracts Awarded through Other Than Full and Open Competition FY 2017
2018
OIG-18-88 DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  
The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

>Review of Coast Guard's Oversight of the TWIC Program
2018
OIG-19-01 Annual report, Major Management and Performance Challenges Facing the Department of Homeland Security. Pursuant to the Reports Consolidation Act of 2000, the Office of Inspector General is required to issue a statement that summarizes what the Inspector General considers to be the most serious management and performance challenges facing the agency and briefly assess the agency’s progress in addressing those challenges. We acknowledge past and ongoing efforts by the Department’s senior leadership to address the challenges identified in this report. At the same time, our aim in this report is two-fold: to identify areas that need continuing focus and improvement and to point out instances in which senior leadership’s goals and objectives are not executed throughout the Department. We highlight persistent management and performance challenges that hamper the Department’s efforts to accomplish the homeland security mission efficiently and effectively.

>Major Management and Performance Challenges Facing the Department of Homeland Security
2019
OIG-19-04 The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.

KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.

>Independent Auditors' Report on DHS' FY 2018 Financial Statements and Internal Control over Financial Reporting
2019
OIG-19-23 Within U.S. Customs and Border Protection (CBP), Border Patrol agents are responsible for patrolling our international land borders and coastal waters surrounding Florida and Puerto Rico. We conducted this audit to determine to what extent Border Patrol agents meet workload requirements related to investigative and law enforcement activities. Border Patrol needs to manage its workforce more efficiently, effectively, and economically. CBP and Border Patrol must expedite the development and implementation of a workforce staffing model for Border Patrol as required by Congress. Without a complete workforce staffing model, Border Patrol senior managers are unable to definitively determine the operational needs for, or best placement of, the 5,000 additional agents DHS was directed to hire per the January 2017 Executive Order.

>Border Patrol Needs a Staffing Model to Better Plan for Hiring More Agents
2019
OIG-19-34-UNSUM We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.

We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.

>(U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018
2019
OIG-19-41 Special Report: Review Regarding DHS OIG's Retraction of Thirteen Reports Evaluating FEMA's Initial Response to Disasters 2019
OIG-19-39 This report presents the results of KPMG LLP’s (KPMG) work conducted to address the performance audit objectives relative to the Audit of Department of Homeland Security’s Fiscal Year 2017 Conference Spending. KPMG performed the work during the period of September 18, 2017 to August 30, 2018, and our scope period for testing was October 1, 2016 through September 30, 2017. KPMG found that, although DHS management has policies and procedures over conference spending and reporting, improvements are needed. KPMG made seven recommendations to improve conference spending reporting.

>Audit of Department of Homeland Security's Fiscal Year 2017 Conference Spending
2019
OIG-19-42 DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.

>DHS Needs to Address Oversight and Program Deficiencies before Expanding the Insider Threat Program
2019
OIG-19-43 The Department of Homeland Security did not comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because the Department did not meet two of the six requirements. Specifically, the Department omitted the percent of recaptured amounts from the Other Information section in its Agency Financial Report and did not meet its annual reduction target established for one of eight programs deemed susceptible to significant improper payments. The Department also did not comply with Executive Order 13520, Reducing Improper Payments, because DHS did not make available to the public its Quarterly High-Dollar Overpayment report for the second quarter of fiscal year 2018.

>Department of Homeland Security's FY 2018 Compliance with the Improper Payments Elimination and Recovery Act of 2010 and Executive Order 13520, Reducing Improper Payments
2019
OIG-19-44 Audit of DHS' Issuance and Management of Other Transaction Agreements Involving Consortium Activities 2019
OIG-19-48 DHS Needs to Improve Its Oversight of Misconduct and Discipline 2019
OIG-19-50 Inadequate Oversight of Low Value DHS Contracts 2019
OIG-19-59 We determined that despite requirements of the Homeland Security Act of 2002, as amended, the Science and Technology Directorate (S&T) did not effectively coordinate and integrate department-wide research and development (R&D) activities.  In August 2015, S&T established Integrated Product Teams (IPTs) as the central mechanism to identify, track, and coordinate department-wide priority R&D efforts.  However, S&T did not follow its IPT process as intended.  Specifically, not all components submitted all information on capability gaps to the IPTs; S&T did not effectively gather, track, and manage data on the Department’s R&D gaps and activities; and S&T did not adequately monitor the IPT process to ensure it was effective.  As a result, S&T may not be able to provide the Secretary of Homeland Security and Congress with an accurate profile of the Department’s R&D activities or justify funding needs for a wide range of missions, including securing the border, detecting nuclear devices, and screening airline passengers.  We made three recommendations to improve S&T’s coordination of R&D activities across DHS.  S&T concurred with our recommendations.

>S&T Is Not Effectively Coordinating Research and Development Efforts across DHS
2019
OIG-19-60 DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.

>Evaluation of DHS' Information Security Program for Fiscal Year 2018
2019
OIG-19-62 DHS Needs to Improve Cybersecurity Workforce Planning 2019
OIG-20-03 KPMG LLP (KPMG), under contract with DHS OIG, conducted an integrated audit of DHS’ FY 2019 consolidated financial statements and internal control over financial reporting.  KPMG issued an unmodified (clean) opinion over the Department’s financial statements, reporting that they present fairly, in all material respects, DHS’ financial position as of September 30, 2019.  However, KPMG identified material weaknesses in internal control in two areas and other significant deficiencies in three areas.  Consequently, KPMG issued an adverse opinion on DHS’ internal control over financial reporting.  KPMG also reported two instances of noncompliance with laws and regulations.  DHS concurred with all of the recommendations.

>Independent Auditors' Report on DHS' FY 2019 Financial Statements and Internal Control over Financial Reporting
2020
OIG-20-05 From fiscal years 2015 through 2018, in the midst of a growing opioid epidemic, U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement, Transportation Security Administration, and U.S. Secret Service appropriately disciplined employees whose drug test results indicated illegal opioid use, based on their employee standards of conduct and tables of offenses and penalties.  Additionally, during the same time period, components have either implemented or are taking steps to evaluate whether employees using prescription opioids can effectively conduct their duties.  For example, components have established policies prohibiting the use of prescription opioids that may impact an employee’s ability to work, in addition to requiring employees to report such prescription opioid use.  They have also implemented or are in the process of implementing measures to evaluate the fitness for duty of employees using prescription opioids.  These policies establish consistent standards components can use to ensure they are allowing employees to use legally-prescribed opioids, while also ensuring their workforce is capable of effectively performing their duties.  We made two recommendations to improve components’ oversight of illegal and prescription opioid use by employees.  CBP and Secret Service concurred with the recommendations, which are both resolved and open.

>CBP, ICE, TSA, and Secret Service Have Taken Steps to Address Illegal and Prescription Opioid Use
2020
OIG-20-09 DHS developed a strategy to apply 29 lessons learned from prior system updates to the current Financial Systems Modernization (FSM) TRIO program. Since DHS’ actions provide a positive outlook on the future progress of the FSM TRIO project, we made no recommendations for improvement. The report’s limited objective and scope do not provide a complete assessment of DHS’ efforts to incorporate lessons learned into their recently reinvigorated FSM efforts.

>DHS Confirmed It Has Applied Lessons Learned in the Latest Financial System Modernization Effort
2020
OIG-20-19 DHS’ funding and payments for PALMS violated Federal appropriations law.  Specifically, DHS violated the bona fide needs rule in using fiscal year (FY) 2011 component funds in FYs 2012 and 2013 for e-Training services and PALMS implementation respectively, when the funds were not legally available for those needs.  As a result of the bona fide needs rule and purpose statute violations, DHS may also have violated the Antideficiency Act in FYs 2013 – 2015 when the Department augmented appropriations for the Human Resources Information Technology program with component funds. We made nine recommendations to address violations of Federal appropriations law and to improve controls to prevent such potential violations in the future.

>PALMS Funding and Payments Did Not Comply with Federal Appropriations Law
2020
OIG-20-31 DHS complied with the Improper Payments Elimination and Recovery Act (IPERA) in fiscal year 2019 by meeting all six of the IPERA requirements.  DHS also complied with Executive Order 13520, Reducing Improper Payments.  Additionally, we reviewed DHS’ processes and procedures for estimating its annual improper payment rates.  Based on our review, we determined DHS did not provide adequate oversight of the components’ improper payment testing and reporting.  We made one recommendation to DHS’ Risk Management and Assurance Division to properly follow the requirements in the DHS Improper Payment Reduction Guidebook. 

>Department of Homeland Security's FY 2019 Compliance with the Improper Payments Elimination and Recovery Act of 2010 and Executive Order 13520, Reducing Improper Payments
2020
OIG-20-37 The Cybersecurity and Infrastructure Security Agency (CISA) does not effectively coordinate and share best practices to enhance security across the commercial facilities sector.  Specifically, CISA does not coordinate within DHS on security assessments to prevent potential overlap, does not always ensure completion of required After Action Reports to share best practices with the commercial facilities sector, and does not adequately inform all commercial facility owners and operators of available DHS resources.  This occurred because CISA does not have comprehensive policies and procedures to support its role as the commercial facilities’ Sector-Specific Agency (SSA).  Without such policies and procedures, CISA cannot effectively fulfill its SSA responsibilities and limits its ability to measure the Department’s progress toward accomplishing its sector-specific objectives.  CISA may also be missing opportunities to help commercial facility owners and operators identify threats and mitigate risks, leaving the commercial facilities sector vulnerable to terrorist attacks and physical threats that may cause serious damage and loss of life.  We made three recommendations to improve CISA’s coordination and outreach to safeguard the commercial facilities sector.  CISA concurred with all three recommendations.

>DHS Can Enhance Efforts to Protect Commercial Facilities from Terrorism and Physical Threats
2020
OIG-20-40 Two years since enactment, DHS and its components have mostly complied with SAVE Act requirements. The SAVE Act requires the Office of the Chief Readiness Support Officer (OCRSO), as delegated by DHS, to collect and review components’ vehicle use data, including their analyses of the data and plans for achieving the right types and sizes of vehicles to meet mission needs. Most components developed their plans as required. However, only two of the 12 components we reviewed fully met requirements to analyze and document vehicle use and cost data to help them achieve the right type and size of fleet vehicles to meet their missions. This occurred because DHS did not require components to include data analyses in their OCRSO-reviewed submissions, as mandated by the SAVE Act. Had OCRSO thoroughly evaluated component submissions, it would have identified that components did not fully comply with SAVE Act requirements. DHS concurred with all four recommendations that, when implemented, should improve the Department’s oversight over its vehicle fleets.

>DHS Has Made Progress in Meeting SAVE Act Requirements But Challenges Remain for Fleet Management
2020
Department of Homeland Security Section - Top Challenges Facing Federal Agencies: COVID-19 Emergency Relief and Response Efforts 2020
OIG-20-43 DHS’ capability to counter illicit Unmanned Aircraft Systems (UAS) activity remains limited.  The Office of Strategy, Policy, and Plans did not execute a uniform department-wide approach, which prevented components authorized to conduct counter-UAS operations from expanding their capabilities.  This occurred because the Office of Policy did not obtain funding as directed by the Secretary to expand DHS’ counter-UAS capability.  We made four recommendations to improve the Department’s management and implementation of counter-UAS activities.  The Office of Strategy, Policy, and Plans concurred with all four of our recommendations.      

>DHS Has Limited Capabilities to Counter Illicit Unmanned Aircraft Systems
2020
OIG-20-47 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2019 2020
OIG-20-53 According to the Securing Our Agriculture and Food Act (SAFA), the program should provide oversight, lead policy initiatives, and coordinate with DHS components and Federal agencies.  However, the Countering Weapons of Mass Destruction Office (CWMD) has not yet carried out a program to meet SAFA’s requirements.  This occurred because CWMD believes it does not have clearly defined authority from the Secretary to carry out the requirements of the SAFA.  In addition, since its establishment in December 2017, CWMD has not prioritized SAFA requirements but instead has focused its resources on other mission areas.  As a result, CWMD has limited awareness of DHS’ ongoing efforts and cannot ensure it is adequately prepared to respond to a terrorist attack against the Nation’s food, agriculture, or veterinary systems.  We made three recommendations to DHS’ CWMD to improve oversight, policy initiatives, and coordination of the Department’s efforts to protect the Nation’s food, agriculture, and veterinary systems. 

>DHS Is Not Coordinating the Department's Efforts to Defend the Nation's Food, Agriculture, and Veterinary Systems against Terrorism
2020
OIG-20-56 Although DHS generally met deadlines for responding to simple Freedom of Information Act (FOIA) requests, it did not do so for most complex requests.  A significant increase in requests received, coupled with resource constraints, limited DHS’ ability to meet production timelines under FOIA, creating a litigation risk for the Department.  Additionally, DHS has not always fully documented its search efforts, making it difficult for the Department to defend the reasonableness of the searches undertaken.  With respect to responding to congressional requests, we determined DHS has established a timeliness goal of 15 business days or less; however, on average, it took DHS nearly twice as long to provide substantive responses to Congress, with some requests going unanswered for up to 450 business days.  Further, DHS redacted personal information in its responses to congressional committee chairs even when disclosure of the information was statutorily permissible.  This was a descriptive report and contained no recommendations.  In its response, DHS acknowledged FOIA backlogs remain a problem, despite increasing requests processed.  DHS stated its process for responding to congressional requests varies greatly and that its redactions are appropriate.

>DHS' Process for Responding to FOIA and Congressional Requests
2020
OIG-20-61 The DHS Chief Information Officer (CIO) and most component CIOs had conducted strategic planning efforts to help prioritize legacy Information Technology (IT) systems and infrastructure to better accomplish mission goals.  However, due to a lack of standard guidance and funding, not all components have complied with or fully embraced Department-wide IT modernization initiatives to adopt cloud-based computing and to consolidate data centers.  Meanwhile, DHS continues to rely on deficient and outdated IT systems to perform mission-critical operations.  Additionally, DHS has not yet leveraged the Modernizing Government Technology Act mandate to accelerate ongoing IT modernization efforts, as DHS and its components questioned whether the benefits of the Act outweighed the additional effort needed to use the resources provided under the Act.  Until DHS addresses these issues, it will continue to face significant challenges to accomplish mission operations efficiently and effectively.  We made three recommendations for the DHS OCIO to develop guidance for implementing cloud technology and migrating legacy IT systems to the cloud, coordinate with components to develop and finalize a data center migration approach, and establish a process to assign risk ratings for major legacy IT investments.  The Department concurred with all three recommendations.

>Progress and Challenges in Modernizing DHS' IT Systems and Infrastructure
2020
OIG-20-62 Since 2017, DHS has continued to make progress in meeting its Digital Accountability and Transparency Act of 2014 (DATA Act) reporting requirements, but challenges remain.  To enable more effective tracking of Federal spending, DHS must continue to take action to accurately align its budgetary data with the President’s budget, reduce award misalignments across DATA Act files, improve the timeliness of financial assistance reporting, implement and use government-wide data standards, and address risks to data quality.  Without these actions, DHS will continue to experience challenges in meeting its goal of achieving the highest possible data quality for submission to USAspending.gov.  We made five recommendations to help strengthen DHS’ controls for ensuring complete, accurate, and timely spending data.  The Department concurred with all five recommendations. 

>DHS Has Made Progress in Meeting DATA Act Requirements, But Challenges Remain
2020
OIG-20-72 Oversight Review of the Office of the Chief Security Officer, Internal Security Division 2020
OIG-20-73 DHS has not fulfilled most of the 13 responsibilities of the Geospatial Data Act.  To comply with one responsibility, DHS has a Geospatial Information Officer and a dedicated Geospatial Management Office whose duties include overseeing the Act’s implementation and coordinating with other agencies.  However, DHS has only partially met, or not met, the remaining 12 responsibilities in the Act.  DHS’ lack of progress in complying with the responsibilities outlined in the Act can be attributed to multiple external and internal factors.  External factors include the need for additional guidance from the Federal Geographic Data Committee and the Office of Management and Budget to properly interpret and implement certain responsibilities.  Internal factors include competing priorities that diverted resources away from fulfilling the Act’s 13 responsibilities.  We made three recommendations that focus on increasing the resources necessary to comply with DHS’ 13 responsibilities under the Act.  The Department concurred with all three recommendations.

>DHS Faces Challenges in Meeting the Responsibilities of the Geospatial Data Act of 2018
2020
OIG-20-74 The Cybersecurity and Infrastructure Security Agency (CISA) increased the number of Automated Indicator Sharing (AIS) participants as well as the volume of cyber threat indicators it has shared since the program’s inception in 2016.  However, CISA made limited progress in improving the overall quality of information it shares with AIS participants to effectively reduce cyber threats and protect against attacks.  The lack of progress can be attributed to the limited number of AIS participants sharing cyber indicators with CISA, delays in receiving cyber threat intelligence standards, and insufficient staff.  To be more effective, CISA should hire the staff it needs to provide outreach, guidance, and training.  We made four recommendations to CISA to enhance the program’s overall effectiveness and cyber threat information sharing.  CISA concurred with all four recommendations.  

>DHS Made Limited Progress to Improve Information Sharing under the Cybersecurity Act in Calendar Years 2017 and 2018
2020
OIG-20-77 Evaluation of DHS' Information Security Program for Fiscal Year 2019 2020
OIG-21-01 DHS Has Secured the Nation's Election Systems, but Work Remains to Protect the Infrastructure 2021