Open Recommendations

The Chief Information Officer should implement procedures to periodically review the tracking logs of submissions received by the contractor to ensure timely processing.

The Chief Information Officer should ensure ongoing coordination with the Treasury Department so that the required metrics are collected by the IRS and submitted appropriately, from the third quarter of Fiscal Year 2024, and quarterly thereafter.

Remediate the 7 findings and 19 associated recommendations identified in Cloud Platform #1 and the applications built on Cloud Platform #1.

Remediate the 8 findings and 11 associated recommendations identified in Cloud Platform #2 and the applications built on Cloud Platform #2.

Remediate the 4 findings and 5 associated recommendations identified in the applications built on Cloud Platform #3.

Remediate the 3 findings and 6 associated recommendations identified in Cloud Platform #4.

Remediate the 4 findings and 7 associated recommendations identified in Cloud Platform #5.

This recommendation is redacted.

Design and implement a plan to prevent, detect, and remediate security weaknesses on FDICcloud platforms and applications related to insecure coding practices, misconfigured securitysettings, least privilege violations, outdated software versions, and ineffective monitoring

Formalize the designation of a SAOGI in NASA policy to institutionalize the role

We recommend that the Executive Assistant Commissioner of CBP’s Office of Field Operations develop and implement a plan to ensure effective oversight and monitoring by assessing the results of the monthly statute of limitations report reviews from the Fines, Penalties, and Forfeitures field offices.

We recommend that the Executive Assistant Commissioner of CBP’s Office of Field Operations implement a plan to ensure effective oversight and monitoring by increasing the frequency of oversight surveys of Fines, Penalties, and Forfeitures field offices. This includes establishing a plan to follow up with field offices with unsatisfactory survey results in a timely manner.

We recommend the TSA Administrator, in coordination with the Secretary and the Office of Management and Budget, work with Congress and the Department to resolve funding shortfalls or request Congress amend or repeal the requirements identified in our report for which TSA did not receive sufficient funding.

We recommend the TSA Administrator, in coordination with the Secretary and the Office of Management and Budget, work with Congress to amend or repeal the requirements identified in our report that TSA indicated it did not plan to implement.

We recommend the TSA Administrator report to Congress on the requirements identified in our report as not fully implemented based on insufficient evidence where TSA disagreed with our assessment.

Correct the processing or payment errors in our sample that resulted in an overage or arrearage to the beneficiaries or incorrect updates to beneficiary records.

Create uniform guidance or policy, providing comprehensive instructions on how to properly process this cyclical workload, possibly using the different training guides already developed by the Social Security Administration.

Re-evaluate this workload with the Centers for Medicare & Medicaid Services (CMS) to determine whether the current process can be improved based on the changes in technology and CMS capabilities.

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, implement automated monitoring via DHS’ Continuous Diagnostics and Mitigation program for components applicable to TVA’s information security continuous monitoring strategy and update processes for developing and maintaining an accurate and complete inventory of TVA’s information systems to include automation and near real-time updates.

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, implement, assess, and maintain common secure configuration settings for all information systems.

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, define, consistently implement, and communicate qualitative and quantitative performance measures on the effectiveness of its configuration management plan.

We recommend the Vice President and Chief Information and Digital Officer, Technology and Innovation, perform the configuration management roles and responsibilities that have been defined for common secure configurations, enterprise-wide configuration management plans, and flaw remediation processes.

Update the Collection Point Management System to differentiate between blue collection and high security collection boxes to accurately reflect inventories for all stations nationwide.

Reiterate arrow key security policies and responsibilities to managers and supervisors in San Francisco, CA.

Confirm all arrow keys are added to the inventory in the Retail and Delivery Analytics and Reports system and, when necessary, reported to the Postal Inspection Service.