DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program ensuring its systems adequately protect the critical and sensitive data they store and process.
- Executive SummaryReport NumberOIG-19-60Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019
- Executive Summary
Through the TSA program, FEMA provides transitional sheltering in hotels to disaster survivors displaced by emergencies or major disasters. TSA reduces the number of survivors in congregate emergency shelters by providing hotel lodging. During our ongoing audit of the Federal Emergency Management Agency’s (FEMA) Transitional Sheltering Assistance (TSA) program, we determined that FEMA violated the Privacy Act of 19741 and Department of Homeland Security policy2 by releasing to the PII and SPII of 2.3 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires in 2017.3Report NumberOIG-19-32Issue DateDocument FileDHS AgencyOversight AreaKeywordsFiscal Year2019
- Executive Summary
This is a Department of Homeland Security, Office of Inspector General management alert to make the Federal Emergency Management Agency (FEMA) and its partners aware of active attempts — observed during our ongoing disaster oversight work in Puerto Rico — to profit from disaster survivors seeking FEMA assistance. We observed posted notices featuring a logo similar to FEMA’s, advertising paid services to complete the FEMA disaster assistance application on behalf of survivors. These services appear to be associated with FEMA, but actually are not, and demand a fee for services FEMA provides at no cost.
To complete the disaster assistance application forms, the paid service requires disaster survivors to provide their Personally Identifiable Information (PII) — such as their social security number, household annual income, and bank account numbers — to a third party, which exposes survivors to unnecessary risks.Report NumberOIG-18-30Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018