The DHS Chief Information Officer (CIO) and most component CIOs had conducted strategic planning efforts to help prioritize legacy Information Technology (IT) systems and infrastructure to better accomplish mission goals. However, due to a lack of standard guidance and funding, not all components have complied with or fully embraced Department-wide IT modernization initiatives to adopt cloud-based computing, and to consolidate data centers. Meanwhile, DHS continues to rely on deficient and outdated IT systems to perform mission-critical operations. Additionally, DHS has not yet leveraged the Modernizing Government Technology Act mandate to accelerate ongoing IT modernization efforts, as DHS and its components questioned whether the benefits of the Act outweighed the additional effort needed to use the resources provided under the Act. Until DHS addresses these issues, it will continue to face significant challenges to accomplish mission operations efficiently and effectively. We made three recommendations for the DHS OCIO to develop guidance for implementing cloud technology and migrating legacy IT systems to the cloud, coordinate with components to develop and finalize a data center migration approach, and establish a process to assign risk ratings for major legacy IT investments. The Department concurred with all three recommendations.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.
- Executive SummaryReport NumberOIG-20-61Issue DateDocument FileDHS AgencyKeywordsFiscal Year2020
- Executive Summary
DHS’ funding and payments for PALMS violated Federal appropriations law. Specifically, DHS violated the bona fide needs rule in using fiscal year (FY) 2011 component funds in FYs 2012 and 2013 for e-Training services and PALMS implementation respectively, when the funds were not legally available for those needs. As a result of the bona fide needs rule and purpose statute violations, DHS may also have violated the Antideficiency Act in FYs 2013 – 2015 when the Department augmented appropriations for the Human Resources Information Technology program with component funds. We made nine recommendations to address violations of Federal appropriations law and to improve controls to prevent such potential violations in the future.Report NumberOIG-20-19Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2020
- Executive Summary
DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.Report NumberOIG-19-60Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019
Management Alert - U.S. Citizenship and Immigration Services' Use of the Electronic Immigration System for Naturalization Benefits Processing (OIG-17-26-MA)Executive Summary
We recommend that USCIS halt plans to revert to using the Electronic Immigration System (ELIS) to process immigrant naturalization applications until it successfully addresses identified system deficiencies. We made two recommendations to this Management Alert.Report NumberOIG-17-26-MAIssue DateDocument FileDHS AgencyOversight AreaFiscal Year2017
Information Technology Management Letter for the Management Directorate Component of the FY 2016 Department of Homeland Security Financial Statement AuditExecutive Summary
Most of the deficiencies identified by the independent public accounting firm KPMG LLP were related to access controls and configuration management of the Management Directorate’s core financial systems. The deficiencies collectively limited the Management Directorate’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that the Management Directorate make improvements to DHS’ financial management systems and associated information technology security program.Report NumberOIG-17-88Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2017
Verification Review of USCIS' Progress in Implementing OIG Recommendations for SAVE to Accurately Determine Immigration Status of Individuals Ordered DeportedExecutive Summary
We determined that all corrective actions have been implemented for recommendations 1, 3 and 4, which were designed to increase the effectiveness of SAVE verification. In response to OIG recommendation 2, U.S. Citizenship and Immigration Services (USCIS) built and implemented an interface with the Department of Justice’s Immigration Review Information Exchange System in August 2016 to obtain up-to-date information on the status of deportable aliens. While the interface is operational, USCIS and the Department of Justice’s Executive Office of Immigration Review (EOIR) still need to approve an Interface Control Agreement between the two systems before we can close the recommendation.Report NumberOIG-17-23-VRIssue DateDocument FileDHS AgencyOversight AreaFiscal Year2017