Official website of the Department of Homeland Security


CISA

  • DHS Can Enhance Efforts to Protect Commercial Facilities from Terrorism and Physical Threats

    Executive Summary

    The Cybersecurity and Infrastructure Security Agency (CISA) does not effectively coordinate and share best practices to enhance security across the commercial facilities sector. Specifically, CISA does not coordinate within DHS on security assessments to prevent potential overlap, does not always ensure completion of required After Action Reports to share best practices with the commercial facilities sector, and does not adequately inform all commercial facility owners and operators of available DHS resources. This occurred because CISA does not have comprehensive policies and procedures to support its role as the commercial facilities’ Sector-Specific Agency (SSA). Without such policies and procedures, CISA cannot effectively fulfill its SSA responsibilities and is limited in its ability to measure the Department’s progress toward accomplishing its sector-specific objectives. CISA may also be missing opportunities to help commercial facility owners and operators identify threats and mitigate risks, leaving the commercial facilities sector vulnerable to terrorist attacks and physical threats that may cause serious damage and loss of life. We made three recommendations to improve CISA’s coordination and outreach to safeguard the commercial facilities sector. CISA concurred with all three recommendations.

    Report Number: OIG-20-37
    Fiscal Year: 2020
  • Evaluation of DHS' Information Security Program for Fiscal Year 2018

    Executive Summary

    DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4), in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program, ensuring its systems adequately protect the critical and sensitive data they store and process.

    Report Number: OIG-19-60
    Fiscal Year: 2019
  • (U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018

    Executive Summary

    We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.
     

    We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.

    Report Number: OIG-19-34-UNSUM
    Fiscal Year: 2019