Federal Reports

The Federal Information Security Modernization Act of 2014 requires Federal agencies to develop, implement, and manage agency-wide information security programs. Agencies are also required to provide acceptable levels of security for the information and systems that support their operations and assets.

The Federal Information Security Modernization Act of 2014 also mandates that the Office of Inspector General conduct an independent evaluation to determine whether the Department of Energy’s unclassified cybersecurity program adequately protected its data and information systems in accordance with Federal and Department requirements.

Our fiscal year 2024 Federal Information Security Modernization Act of 2014 evaluation determined that the Department, including the National Nuclear Security Administration, had taken actions to address some of the previously identified weaknesses related to its unclassified cybersecurity program. While actions were taken to close 19 of 63 (30 percent) recommendations from our prior year audits and evaluations, 44 prior year recommendations remained open. We also issued 79 new recommendations throughout the fiscal year related to various areas of cybersecurity programs.

The weaknesses identified occurred for a variety of reasons. For instance, findings at some Department sites had occurred due to vulnerability management processes that were not fully effective in identifying, addressing, and/or remediating vulnerabilities. We also found that several sites had not fully developed and/or maintained policies and procedures to help facilitate the design and implementation of security controls.

Without improvements to address the weaknesses identified in our report, the Department may be unable to adequately protect its information systems and data from compromise, loss, or modification.

When fully implemented, the 123 recommendations made during fiscal year 2024 should help to enhance the Department’s unclassified cybersecurity program. The Department should emphasize closing findings in a timely manner, especially those findings repeated from prior years. As cybersecurity remains an ongoing challenge, it is important that the Department take action to implement the latest Federal cybersecurity requirements and enhancements to assist in ensuring adequate protection of the Department’s data and information systems at risk to emerging threats and vulnerabilities.
 

Priority Mail Express (PME), formerly Express Mail, was introduced in the 1970s as the U.S. Postal Service’s fastest product, and as the best option for customers to send time-sensitive documents and packages by offering a next-day to two-day service guarantee. Recent transformations to postal operations under the Delivering for America plan are changing the service standards for this premium product. Specifically, in October 2023, the Postal Service deployed a major operational change called Local Transportation Optimization (LTO) that reduced the number of transportation trips to and from select post offices. With LTO, mail collected at optimized post offices remained overnight, delaying its entry into sorting operations. As a result, most optimized post offices can no longer offer PME with a next-day service guarantee. To support this change, on April 1, 2025, the Postal Service revised PME to a one-to-three-day service guarantee. 

We conducted a performance audit of the Michigan Arts and Culture Council (Council) for the period of October 1, 2020 through September 30, 2023.  Based on our review, we determined the Council met program requirements for each award and generally complied with award criteria.  However, we identified opportunities for improvement in the Council’s subawarding and award management procedures and controls, and issues with select subrecipient costs.  We provided 12 recommendations to address the report findings – five to the Council and seven to the Arts Endowment.  We believe these recommendations, if implemented, will help ensure the Council meets Federal and Arts Endowment requirements and better manages its awards.