Report Type
Report Category
Submitting Agency
- (-) Department of Defense OIG (55)
- (-) Department of Homeland Security OIG (30)
- (-) Election Assistance Commission (1)
- Alaska Division of Legislative Audit (1)
- AmeriCorps Office of Inspector General (1)
- Amtrak (National Railroad Passenger Corporation) OIG (1)
- Architect of the Capitol OIG (6)
- Arizona Auditor General (7)
- California State Auditor (12)
- Connecticut Office of the Auditors of Public Accounts (1)
- Council of Inspectors General on Financial Oversight (4)
- Defense Intelligence Agency OIG (3)
- Department of Agriculture (1)
- Department of Agriculture OIG (25)
- Department of Commerce (1)
- Department of Commerce OIG (9)
- Department of Defense (1)
- Department of Education (1)
- Department of Education OIG (38)
- Department of Energy (1)
- Department of Energy OIG (2)
- Department of Health & Human Services (1)
- Department of Health & Human Services OIG (82)
- Department of Homeland Security (1)
- Department of Housing and Urban Development (1)
- Department of Housing and Urban Development OIG (41)
- Department of Justice (2442)
- Department of Justice OIG (266)
- Department of Labor (2)
- Department of Labor OIG (68)
- Department of State (1)
- Department of State OIG (2)
- Department of the Interior (1)
- Department of the Interior OIG (35)
- Department of the Treasury (1)
- Department of the Treasury OIG (147)
- Department of Transportation (1)
- Department of Transportation OIG (11)
- Department of Veterans Affairs (1)
- Department of Veterans Affairs OIG (44)
- Election Assistance Commission OIG (23)
- Environmental Protection Agency (1)
- Environmental Protection Agency OIG (13)
- Farm Credit Administration OIG (1)
- Federal Communications Commission (1)
- Federal Housing Finance Agency OIG (4)
- Federal Reserve Board & CFPB OIG (11)
- General Services Administration (1)
- General Services Administration OIG (12)
- Government Accountability Office (1)
- Government Publishing Office OIG (1)
- Illinois Auditor General (2)
- Kansas Legislative Division of Post Audit (5)
- Legal Services Corporation (1)
- Maryland State Legislative Audits (1)
- Mississippi Office of the State Auditor (2)
- National Aeronautics and Space Administration (1)
- National Aeronautics and Space Administration OIG (1)
- National Archives and Records Administration (1)
- National Endowment for the Arts (1)
- National Endowment for the Humanities (1)
- National Reconnaissance Office OIG (3)
- National Science Foundation (1)
- National Science Foundation OIG (14)
- National Security Agency OIG (1)
- New York, Ulster County Office of the Comptroller (4)
- New York State Comptroller (2)
- North Carolina, City of Charlotte Internal Audit Department (3)
- North Carolina State Auditor (1)
- Nuclear Regulatory Commission (1)
- Office of Management and Budget (4)
- Office of Personnel Management (1)
- Office of Personnel Management OIG (2)
- Office of the Special Inspector General for the Troubled Asset Relief Fund (1)
- Oregon, Multnomah County Auditor's Office (5)
- Oregon Secretary of State, Audits Division (1)
- Pandemic Response Accountability Committee (42)
- Peace Corps (1)
- Peace Corps OIG (3)
- Pension Benefit Guaranty Corporation OIG (8)
- Railroad Retirement Board OIG (8)
- Securities and Exchange Commission OIG (2)
- Small Business Administration (1)
- Small Business Administration OIG (60)
- Social Security Administration (1)
- Social Security Administration OIG (7)
- Special Inspector General for Pandemic Recovery (47)
- Special Inspector General for the Troubled Asset Relief Program (2)
- State of Louisiana (1)
- Tennessee Valley Authority OIG (5)
- Texas, City of Austin Auditor (4)
- Treasury Inspector General for Tax Administration (50)
- U.S. Agency for International Development (1)
- U.S. Agency for International Development OIG (16)
- U.S. Postal Service OIG (16)
- Virginia Auditor of Public Accounts (1)
- Wisconsin Legislative Audit Bureau (13)
Agency Reviewed
Related Organizations
Management Challenges
Any Recommendations
Any Open Recommendations
Reports
FEMA's Emergency Non-Congregate Sheltering Interim Policy Provided Greater Flexibility for Emergency Sheltering During the COVID-19 Pandemic
Audit of DoD Health Care Personnel Shortages During the Coronavirus Disease–2019 Pandemic
Rec. 1.a: The DoD OIG recommended that the Defense Health Agency Director, in consultation with the Defense Civilian Personnel Advisory Service develop and implement a plan to ensure a more competitive pay rate for nursing and other hard to fill medical positions in all Defense Health Agency regions.
Rec. 1.a: The DoD OIG recommended that the Defense Health Agency Director, in consultation with the Defense Civilian Personnel Advisory Service develop and implement a plan to ensure a more competitive pay rate for nursing and other hard to fill medical positions in all Defense Health Agency regions.
Rec. 1.c: The DoD OIG recommended that the Defense Health Agency Director, in consultation with the Defense Civilian Personnel Advisory Service develop and implement a plan to establish qualification requirements for nursing and other hard to fill medical positions if it is determined that it would enhance the DoD's efforts to help recruit and retain health care personnel.
Rec. 1.c: The DoD OIG recommended that the Defense Health Agency Director, in consultation with the Defense Civilian Personnel Advisory Service develop and implement a plan to establish qualification requirements for nursing and other hard to fill medical positions if it is determined that it would enhance the DoD's efforts to help recruit and retain health care personnel.
Rec. 2.a: The DoD OIG recommended that the Under Secretary of Defense for Personnel and Readiness, in consultation with the Assistant Secretary of Defense for Health Affairs and the Defense Health Agency Director determine whether the DoD needs to extend waiving the authority to apply section 3326, title 5, United States Code, for appointments made to positions in medical or health profession with the DoD under the direct hire authority and, if so, provide the extension in a subsequent memo before the authority for covered positions expires on September 30, 2025.
Rec. 2.a: The DoD OIG recommended that the Under Secretary of Defense for Personnel and Readiness, in consultation with the Assistant Secretary of Defense for Health Affairs and the Defense Health Agency Director determine whether the DoD needs to extend waiving the authority to apply section 3326, title 5, United States Code, for appointments made to positions in medical or health profession with the DoD under the direct hire authority and, if so, provide the extension in a subsequent memo before the authority for covered positions expires on September 30, 2025.
Rec. 3.a: The DoD OIG recommended that the Defense Health Agency Director revise Defense Health Agency Administrative Instruction 5136.03 to establish approval authority for any civilian personnel extensions outside the continental United States beyond a period of 7 years.
Rec. 3.a: The DoD OIG recommended that the Defense Health Agency Director revise Defense Health Agency Administrative Instruction 5136.03 to establish approval authority for any civilian personnel extensions outside the continental United States beyond a period of 7 years.
Rec. 3.b: The DoD OIG recommended that the Defense Health Agency Director establish maximum time frames to approve civilian personnel extensions outside of the continental United States and require monitoring of extension approval timelines.
Rec. 3.b: The DoD OIG recommended that the Defense Health Agency Director establish maximum time frames to approve civilian personnel extensions outside of the continental United States and require monitoring of extension approval timelines.
Rec. 3.d: The DoD OIG recommended that the Defense Health Agency Director develop and implement a plan to apply strategies and incentives used by other Federal agencies to hire entry-level registered nurses if it is determined the strategies and incentives would enhance the DoD's recruitment efforts.
Rec. 3.d: The DoD OIG recommended that the Defense Health Agency Director develop and implement a plan to apply strategies and incentives used by other Federal agencies to hire entry-level registered nurses if it is determined the strategies and incentives would enhance the DoD's recruitment efforts.
Ineffective Controls Over COVID-19 Funeral Assistance Leave the Program Susceptible to Waste and Abuse
We recommend that the FEMA Administrator resolve questioned costs totaling an estimated $24,438,662 for expenses deemed ineligible by FEMA’s Individual Assistance Program and Policy Guide and determine the amount of any debts owed by recipients for erroneous payments.
We recommend that the FEMA Administrator resolve other questioned costs included in our report and determine the amount of any debts owed by recipients for erroneous payments. Other questioned costs requiring resolution include: a) $1,348,546 for awards issued to multiple applicants for the same decedents; b) $554,653 for awards issued for applications that exceeded the $9,000 per decedent award limit; and c) $591,805 for 93 applications for which FEMA did not adequately review eligibility criteria of the applications.
We recommend that the FEMA Administrator ensure that future iterations of the Individual Assistance Program and Policy Guide and supporting procedures (a) provide consistent guidance on eligibility of funeral expenses for all future disaster declarations; and (b) allow for reimbursement of only necessary expenses and serious needs, consistent with the law.
We recommend that the FEMA Administrator strengthen and monitor improvement of FEMA’s COVID-19 Funeral Assistance training practices with particular focus on: a) distinguishing legitimate sources of potential duplication such as decedent’s name and social security number from potential duplications that arise due to FEMA using a repurposed Individual Assistance processing system, with a data field such as damaged dwelling address; b) preventing FEMA from reimbursing expenses exceeding the maximum $9,000 per decedent; and c) deducting financial assistance received from outside sources such as pre-need funeral arrangements, burial insurance, and assistance from other voluntary or government agencies.
We recommend that the FEMA Administrator ensure that FEMA provides its COVID-19 Funeral Assistance call center contractor the guidance and training necessary to meet the quality control and production monitoring metrics as prescribed by its agreement with the contractor.
FEMA Did Not Effectively Manage the Distribution of COVID-19 Medical Supplies and Equipment
We recommend the FEMA Administrator clarify existing guidance and ensure FEMA personnel use the Logistics Supply Chain Management System or an alternative integrated solution as the system of record during disaster response operations to manage the distribution of FEMA-owned commodities, supplies, and equipment as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests.
We recommend the FEMA Administrator take action to develop and improve the Logistics Management Directorate’s internal controls, guidance, and system integration to obtain more accurate information that enhances logistics decision making regarding the fulfillment of commodity requests during disaster response operations. At a minimum, FEMA should: a. develop internal controls to ensure appropriate information related to facility types, intermediate locations, and transportation-only orders is accurately reported in the Logistics Supply Chain Management System or an alternative integrated solution; b. update guidance and deliver training to ensure there is a clear audit trail when aggregating distribution data on FEMA-owned commodities, supplies, and equipment as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests; and c. improve integration between the Logistics Supply Chain Management System and the Web Emergency Operations Center Crisis Management System to ensure the systems are, to the extent practicable, compatible and share information as required by the Post-Katrina Emergency Management Reform Act of 2006.
We recommend the FEMA Administrator issue guidance and ensure a standardized process for collecting and maintaining documentation to confirm delivery and receipt of FEMA-owned commodities, supplies, and equipment, as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests. At a minimum, the guidance and standardized process should: a. identify the required types of documentation to confirm delivery and receipt such as signed bills of lading, packing slips, and other forms; b. include controls to ensure the shipment documentation includes item descriptions and the specific quantity of items delivered and received; c. clarify the procedures for executing and documenting the delivery of commodities, supplies, and equipment to locations where no FEMA personnel are present to receive shipments; and d. establish appropriate repositories for delivery and receipt documentation.
Audit of the Reliability of the DoD Coronavirus Disease–2019 Patient Health Data
(U) Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
(U) Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
(U) Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
(U) Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
(U) Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
(U) Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
(U) Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
(U) Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
(U) Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
(U) Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
(U) Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
(U) Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
(U) Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
(U) Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
(U) Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
(U) Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
(U) Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
(U) Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
(U) Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
(U) Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
(U) Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
(U) Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
(U) Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User's Guide," current edition.
(U) Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User's Guide," current edition.
(U) Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
(U) Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
Audit of DoD Actions Taken to Protect DoD Information When Using Collaboration Tools During the Coronavirus Disease–2019 Pandemic
(U) Rec.A.1.a : This recommendation is Controlled Unclassified Information
(U) Rec.A.1.a : This recommendation is Controlled Unclassified Information
(U) Rec.A.1.b: This recommendation is Controlled Unclassified Information
(U) Rec.A.1.b: This recommendation is Controlled Unclassified Information
(U) Rec.A.2 : This recommendation is Controlled Unclassified Information
(U) Rec.A.2 : This recommendation is Controlled Unclassified Information
(U) Rec.A.3 : This recommendation is Controlled Unclassified Information
(U) Rec.A.3 : This recommendation is Controlled Unclassified Information
(U) Rec.A.4 : This recommendation is Controlled Unclassified Information
(U) Rec.A.4 : This recommendation is Controlled Unclassified Information
(U) Rec.A.5 : This recommendation is Controlled Unclassified Information
(U) Rec.A.5 : This recommendation is Controlled Unclassified Information
(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.
(U) Rec. B.1.a: The DoD OIG recommended that the Chief Information Officer for the Defense Finance and Accounting Service renegotiate changes with the Adobe Connect vendor to configure Adobe Connect to require privileged users to authenticate into the collaboration tool using multifactor authentication.
(U) Rec.B.1.b : This recommendation is Controlled Unclassified Information
(U) Rec.B.1.b : This recommendation is Controlled Unclassified Information
(U) Rec.B.2 : This recommendation is Controlled Unclassified Information
(U) Rec.B.2 : This recommendation is Controlled Unclassified Information
(U) Rec.B.3.a : This recommendation is Controlled Unclassified Information
(U) Rec.B.3.a : This recommendation is Controlled Unclassified Information
(U) Rec.B.3.b : This recommendation is Controlled Unclassified Information
(U) Rec.B.3.b : This recommendation is Controlled Unclassified Information
Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.
Rec. B.3.c: The DoD OIG recommended that the Chief Information Officer for the Defense Threat Reduction Agency configure Zoom for Government to lock user accounts after three unsuccessful logon attempts in a 15-minute period.
(U) Rec.C.1 : This recommendation is Controlled Unclassified Information
(U) Rec.C.1 : This recommendation is Controlled Unclassified Information
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
(U) Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
(U) Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
(U) Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
(U) Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
(U) Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
(U) Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
(U) Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
(U) Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
(U) Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
(U) Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
(U) Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.
FEMA Did Not Provide Sufficient Oversight of Project Airbridge
FEMA’s Management of Mission Assignments to Other Federal Agencies Needs Improvement
We recommend the FEMA Associate Administrator for Response and Recovery develop a process to ensure FEMA components comply with FEMA’s Mission Assignment Guide, requiring the formulation of comprehensive cost estimates during initiation and throughout the performance period for mission assignments.
We recommend the FEMA Associate Assistant Administrator for Response and Recovery evaluate the resources and other process improvements needed to ensure unliquidated obligations financial data are obtained, reviewed, and reported, as required per FEMA guidance.
We recommend the FEMA Deputy Administrator develop a risk-based process for reviewing documentation that supports mission assignment expenditures and apply this process to COVID-19 mission assignments to ensure eligibility of claimed costs.
We recommend the FEMA Associate Administrator for Response and Recovery obtain documentation supporting the more than $103 million for COVID-19 mission assignments and conduct a review to determine whether the costs comply with Federal and FEMA guidance.