DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.
- Executive SummaryReport NumberOIG-19-60Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019
Independent Auditors' Report on DHS' FY 2018 Financial Statements and Internal Control over Financial ReportingExecutive Summary
The Chief Financial Officers Act of 1990 (Public Law 101-576) and the Department Of Homeland Security Financial Accountability Act (Public Law 108-330) require us to conduct an annual audit of the Department of Homeland Security’s (DHS) consolidated financial statements and internal control over financial reporting. KPMG noted that the financial statements present fairly, in all material respects, DHS’ financial position as of September 30, 2018.
KPMG issued an adverse opinion on DHS’ internal control over financial reporting of its financial statements as of September 30, 2018. The report identifies the following six significant deficiencies in internal control, the first two of which are considered material weaknesses, and four instances where DHS did not comply with laws and regulations.Report NumberOIG-19-04Issue DateDocument FileKeywordsFiscal Year2019
- Executive Summary
The Department faces challenges to effectively sharing cyber threat information across Federal and private sector entities. Without acquiring a cross-domain information processing solution and automated tools, DHS cannot analyze and share threat information timely. Further, without enhanced outreach, DHS cannot increase participation and improve coordination of information sharing across Federal and private organizations.
Report NumberOIG-18-10Issue DateDocument FileOversight AreaFiscal Year2018
Information Technology Management Letter for the United States Secret Service Component of the FY 2016 Department of Homeland Security Financial Statement AuditExecutive Summary
Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls, segregation of duties, and configuration management. The deficiencies collectively limited USSS’ ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that USSS, in coordination with the Department of Homeland Security’s Chief Information Officer and Acting Chief Financial Officer, make improvements to USSS’ financial management systems and associated information.Report NumberOIG-17-72Issue DateDocument FileFiscal Year2017
The Secret Service Has Taken Action to Address the Classified Recommendations of the Protective Mission PanelExecutive Summary
The Protective Mission Panel (PMP) made a number of recommendations in its December 2014 classified report. The objective of this review was to determine whether the Secret Service has taken or plans to take action to implement the PMP’s classified recommendations, which primarily relate to security gaps and vulnerabilities at the White House Complex (WHC). The Secret Service has clearly taken these recommendations seriously. Using funding appropriated for PMP initiatives, the Secret Service began enhancing security and refreshing technology at the WHC. Fully implementing many of the PMP’s classified recommendations will depend on staff increases, sustained funding, and a multi-year commitment by Secret Service and Department leadership to ensure actions continue even during times of increased protective mission demands and unexpected priorities. We made no recommendations in this report.Report NumberOIG-17-47Issue DateDocument FileFiscal Year2017
- Executive Summary
We determined that the U.S. Secret Service has clearly taken the Protective Mission Panel’s (PMP) recommendations seriously, which it has demonstrated by making a number of significant changes. Specifically, it has improved communication within the workforce, better articulated its budget needs, increased hiring, and committed to more training. However, fully implementing many of the PMP’s recommendations will require long-term financial planning, further staff increases, consistent re-evaluation of the initiated actions’ effectiveness, and a multi-year commitment by Secret Service and Department of Homeland Security leadership. We have made five recommendations.Report NumberOIG-17-10Issue DateDocument FileKeywordsFiscal Year2017
- Executive Summary
We determined that CBP, ICE and USSS have been able to maintain staffing levels close to the authorized number of law enforcement personnel, but they continue to have significant delays in hiring. The additional steps in the hiring process add to the time it takes to hire law enforcement officers, but the components also do not have the staff or comprehensive automated systems needed to hire personnel as efficiently as possible. Although they have taken steps to reduce the time it takes to hire law enforcement personnel, it is too early to measure the long-term effects of the Department’s and the components’ recent actions. We made five recommendations to make the law enforcement hiring process more efficient.Report NumberOIG-17-05Issue DateDocument FileFiscal Year2017
- Executive Summary
We determined that the U.S. Secret Service (USSS) did not have adequate protections in place on systems to which Master Central Index (MCI) information was migrated. These problems occurred because USSS has not consistently made IT management a priority. The USSS Chief Information Officer (CIO) lacked authority for all IT resources and was not effectively positioned to provide necessary oversight, inadequate attention was given to updating USSS IT policies, and high turnover and vacancies within the Office of the CIO meant a lack of leadership to ensure IT systems were properly managed. In addition, USSS personnel were not adequately trained to successfully perform their duties. We made 10 recommendations to USSS and 1 recommendation to the DHS Privacy Office to reduce the risk of future unauthorized access and disclosure of sensitive information. The USSS and the DHS Privacy Officer concurred with these recommendations.Report NumberOIG-17-01Issue DateDocument FileOversight AreaFiscal Year2017