Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
We are conducting the subject audit at the request of the House Committee on Oversight and Reform. The objective of this audit is to determine the actions taken by the DoD to configure remote access software used to facilitate telework during the COVID-19 pandemic to protect DoD networks and systems from potential malicious activity. We will also determine the extent to which the DoD implemented security controls to protect remote connections to its networks. We may revise the objective as the audit proceeds, and we will consider suggestions from management for additional or revised objectives.
Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the COVID-19 Pandemic
The objective of this audit is to determine whether DoD’s deployment of collaboration tools used to facilitate telework during the coronavirus disease–2019 (COVID-19) pandemic exposed DoD networks and systems to potential malicious activity, and the extent to which the DoD implemented security controls to protect the collaboration tools used on its networks. We will perform this audit in accordance with generally accepted government auditing standards. We may revise the objective as the audit proceeds, and we will consider suggestions from DoD management for additional or revised objectives.
Evaluation of Combatant Commands Communication Challenges with Foreign Nation Partners during the COVID-19 Pandemic and Mitigation Efforts
We plan to begin the subject evaluation in June 2021. The objective of this evaluation is to determine how U.S. Africa Command, U.S. Central Command, U.S. European Command, U.S. Indo-Pacific Command, U.S. Southern Command, and their Component Commands mitigated communication problems with partner nations during the COVID-19 pandemic, document those mitigation strategies, and consider whether these strategies should be employed in future operations where personal interaction is not possible. We may revise the objective as the evaluation proceeds, and we will consider suggestions from management for additional or revised objectives.
The Office of Inspector General, Audits Division will conduct an evaluation of the COVID-19 assistance information systems security controls. Our objective is to determine what internal controls the organization designed to address third-party contractor system cybersecurity risks caused by COVID-related economic relief transactions.
This review is a culmination of the OIG's work on FISMA as well as additional cybersecurity and technology work performed by the OIG throughout the year. The review this fiscal year includes additional work to address questions raised by members of Congress related to information technology and cybersecurity during the Department of Energy's maximum telework posture.
Evaluation of Third-Party Cybersecurity Risk Management Processes for Vendors Supporting the Main Street Lending Program (MSLP) and the Secondary Market Corporate Credit Facility (SMCCF)
In response to the economic effects of the COVID-19 pandemic, the Board created new lending programs and facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. To support the implementation of specific programs and facilities, the Federal Reserve Banks have contracted with third- party vendors for various services, such as administrative, custodial, legal, design, and investment management services. These vendors provide data generated from the operations and management of the facilities to the Reserve Banks, who then provide the data to the Board. We are evaluating the effectiveness of (1) the risk management processes designed to ensure that effective information security and data integrity controls are implemented by third parties supporting the administration of the MSLP and the SMCCF and (2) select security controls managed.