2IÀFHRI,QVSHFWRU*HQHUDO

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "2IÀFHRI,QVSHFWRU*HQHUDO"

Transcription

1 2IÀFHRI,QVSHFWRU*HQHUDO Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs OIG September 2014

2 Washington, DC / September 10, 2014 MEMORANDUM FOR: FROM: SUBJECT: Charles R. Armstrong Assistant Commissioner and Chief Information Officer U.S. Customs and Border Protection Richard Harsche Acting Assistant Inspector General Office of Information Technology Audits Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs Attached for your information is our final report, Enhancements in Technical Controls and Training Can Improve the Security of CBP s Trusted Traveler Programs. We incorporated the formal comments from the U.S. Customs and Border Protection in the final report. The report contains two recommendations aimed at improving CBP s use of radio frequency identification technology in their Trusted Traveler Programs. Your office concurred with two recommendations. As prescribed by the Department of Homeland Security Directive , Follow Up and Resolutions for Office of Inspector General Report Recommendations, within 90 days of the date of this memorandum, please provide our office with a written response that includes your (1) agreement or disagreement, (2) corrective action plan, and (3) target completion date for each recommendation. Also, please include responsible parties and any other supporting documentation necessary to inform us about the current status of the recommendation. Based on information provided in management s response to the draft report, we consider both recommendations to be open and resolved. Once your office has fully implemented the recommendations, please submit a formal closeout request to us within 30 days so that we may close the recommendations. The request should be accompanied by evidence of completion of agreed upon corrective actions. Please a signed PDF copy of all responses and closeout requests to Until your response is received and evaluated, the recommendations will be considered open and unresolved. Consistent with our responsibility under the Inspector General Act, we will provide copies of our report to appropriate congressional committees with oversight and

3 appropriation responsibility over the. We will post the report on our website for public dissemination. Please call me with any questions, or your staff may contact Chiu Tong Tsang, Director, Information Security Audit Division, at (202) Attachment 2 OIG

4 TableofContents ExecutiveSummary...1 Background...2 ResultsofAudit...4 ImprovementsNeededonSystemSecurityControls...6 Recommendation...8 ManagementCommentsandOIGAnalysis...8 SpecializedTrainingNeededtoEnsureSensitiveTTPDataisSecured.. 8 Recommendation...9 ManagementCommentsandOIGAnalysis 10 Appendixes AppendixA:Objectives,Scope,andMethodology...11 AppendixB:ManagementCommentstotheDraftReport...13 AppendixC:MajorContributorstoThisReport...15 AppendixD:ReportDistribution...16 Abbreviations CBP U.S.CustomsandBorderProtection DHS DepartmentofHomelandSecurity FAST FreeAccessandSecureTrade PII personallyidentifiableinformation RFID RadioFrequencyIdentification SENTRI SecureElectronicNetworkforTravelersRapidInspection TTP TrustedTravelerPrograms OIGͲ14Ͳ139

5 ExecutiveSummary TheUnitedStatesCustomsandBorderProtection(CBP)employsradiofrequency identificationtechnologyinitstrustedtravelerprogramstoallowpreͳscreened travelersexpeditedprocessingatdesignatedportsofentry.radiofrequency identificationisaformofautomaticidentificationanddatacapturetechnologythat usesradiofrequenciestotransmitinformation.theflexibilityandportabilityofradio frequencyidentificationtechnologyhasintroducednewsecurityriskstoagency systems,suchascloningofanidentificationtagandthesecurityofthedatabasethat storespersonaldata.withouteffectivesecuritycontrolsandproceduresoverthis technologyanditssupportinginfrastructure,unauthorizedindividualscouldmodify identificationtagcontentoraccesssensitivedatastoredinthesystemdatabases. OuroverallobjectivewastodeterminewhetherCBPhaseffectivelymanagedthe implementationofradiofrequencyidentificationtechnology.inaddition,we determinedwhetherthecomponenthadimplementedeffectivecontrolstocomplywith DHSinformationsecurityprogramrequirements. CBPimplementedeffectivephysicalcontrolsoverthereadersandcomputerequipment supportingthetrustedtravelersystemsattheportsofentryvisited.also,cbp implementedeffectivecontrolsontheserversanddatabasethatsupportthetrusted TravelerPrograms.Further,CBPhadsecuredthepersonalinformationcollectedunder thecomponent strustedtravelerprogramsandminimizedtheriskofusingtheradio frequencyidentificationtechnologybyrestrictinginformationstoredonthetrusted travelercards. However,CBPcanmakefurtherimprovementsbyimplementingtherequiredsecurity settingsonthesystemthatsupportsitstrustedtravelerprograms.also,administrators thatmanagethesystemmustreceivespecializedtrainingannuallytoensurethatthey havetheskillsnecessarytosecurethedatacollectedunderthetrustedtraveler Programs. WearemakingtworecommendationstotheAssistantCommissionerandChief InformationOfficertoimprovethesecurityofitssystemsthatsupporttheTrusted TravelerPrograms.CBPconcurredwithallrecommendationsandhasbeguntotake actionstoimplementthem.cbp sresponsesaresummarizedandevaluatedinthebody ofthisreportandincluded,intheirentirety,asappendixb. 1 OIGͲ14Ͳ139

6 Background RadioFrequencyIdentification(RFID)isaformofautomaticidentificationanddata capturetechnologythatusesradiofrequenciestotransmitinformation.rfidtagsare affixedorembeddedtoitemstoprovideidentification.thetaghasauniqueidentifier thatcanholdadditionalinformation.devicesknownasrfidreaderscommunicate wirelesslywiththetagstoidentifytheitemsconnectedtoeachtagandreadorupdate additionalinformationstoredonthetag.thesystemoftagsandreadersisoften supportedbyservers,databases,andworkstations.figure1showsthecomponentsof anrfidsystem,includingatag,reader,anddatabase. RFIDTag RFIDReader Database Figure1.ComponentsofanRFIDsystem Tagsneedpowertoperformfunctions,suchassendingradiosignalstoareader,storing andretrievingdata,andperformingothercomputations.thefourtypesoftagsinclude: x Activetagshaveaninternalpowersourceandcantransmitoveragreater distance. x SemiͲactivetagsremaindormantuntiltheyreceiveasignalfromthereaderto activate. x Passivetagsdonotuseaseparateorexternalpowersource,butinsteadobtain operatingpowerfromthetagreader.passivetagsaretypicallycheaper,smaller, andlighterthanothertypesoftags. x SemiͲpassivetagsuseaninternalpowersourcetomonitorenvironmental conditionsandrequireradiofrequencyenergytransferredfromthereaderto poweratag sresponse. TheflexibilityandportabilityofRFIDtechnologyhasintroducednewsecurityrisksto agencysystems,suchascloningofanrfidtagandthesecurityofthedatabasethat 2 OIGͲ14Ͳ139

7 storespersonaldata. 1 Withouteffectivesecuritycontrolsandproceduresoverthis technologyanditssupportinginfrastructure,unauthorizedindividualscouldmodifytag contentoraccesssensitivedatastoredinthesystemdatabases. CBPemploysRFIDtechnologyaspartofitsTrustedTravelerPrograms(TTP)toallow preͳscreenedtravelersexpeditedprocessingatdesignatedportsofentry.cbpattaches anrfidtagineachttpcard.travelerswhowishtoparticipateinttpvoluntarilysubmit personallyidentifiableinformation(pii)throughawebͳbasedapplicationsystemcbp usestohandlettp senrollmentandvettingprocesses.cbpstoresapplicants data(e.g., biographicdata,facialphotographs,andbackgroundinvestigationresults)inadatabase. Attheborder,RFIDreadersscantheTTPcardsandusetheuniquenumberembeddedin eachcardtoretrievethetraveler sdatathroughanencryptednetwork.thecbpofficer usesthetraveler sinformationdisplayedonamonitortoauthenticatethetraveler s identity.cbpemploysrfidtechnologyinthefollowingthreesubprogramswithinttp: FreeAccessandSecureTrade(FAST) FASTisavailableforcommercialtruckdrivers,whohavecompletedfavorable backgroundchecksandfulfillcertaineligibilityrequirements,at17landportsofentry onthenorthernborderand17onthesouthernborderthatservecommercialcargo. ThemajorityofdedicatedFASTlanesarelocatedalongthenorthernborderportsin Michigan,NewYork,andWashington,andatsouthernborderportsfromCaliforniato Texas.AsofSeptember2013,therewereapproximately86,000driversapprovedfor thisprogram.figure2showsafastttpcard. Figure2.FASTTTPcard NEXUS NEXUSisavailableforpreͲapproved,lowͲrisktravelersbetweentheU.S.andCanadavia theair,land,orseaenvironments.asofseptember2013,therewereapproximately 250,000travelersenrolledinNEXUS. 1 CloningistheillegitimateduplicationoftheinformationstoredintheRFIDtagportionoftheRFIDenabledcard. 3 OIGͲ14Ͳ139

8 SecureElectronicNetworkforTravelersRapidInspection(SENTRI) SENTRIisavailableforpreͲapproved,lowͲrisktravelersalongthesouthernlandborder. SENTRIisavailableforbothvehicleandpedestrianbordercrossers.Eachofthe participatingportshasdesignatedvehicleandpedestrianlanesforsentricardholders. VehiclesmustbepreͲinspected,registered,andissuedwithawindshielddecalfor bordercrossings.asofseptember2013,therewereapproximately91,000travelers enrolledinsentri.figure3showssentrirfidreadingequipmentandassociated borderlanes. Figure3.SENTRIRFIDreadingequipmentandborderlanes InMay2006,wereportedthatCBPhadnotimplementedeffectivecontrolstoprotect criticaldataprocessedbyitstrustedtravelersystems.inaddition,cbphadnot developedadequatepoliciesandprocedurestoensurethatsecuritycontrolswere implementedconsistentlybyallportsofentrytoprotectthetrustedtravelersystems. Lastly,CBPhadnotensuredthatitstrustedtravelersystemsfullycompliedwithall FederalInformationSecurityManagementActrequirements. 2 ResultsofAudit UsingRFIDToExpediteBorderCrossings CBPhasexpeditedbordercrossingsbyusingRFIDtechnologyforregisteredtravelers enrolledinthettp.inaddition,cbpmaintainstheintegrityofthettpthrougha stringentscreeningprocessthatincludesautomatedsearchesagainstmultiplelaw enforcementdatabases,24ͳhoursystemcheckstoverifystatusofenrolledtravelers, andrandomselectionsofregisteredtravelersforsecondaryinspection.further,cbp developedattphandbookthatincludesproceduresforinspectingtravelersattheports 2 CBP strustedtravelersystemsusingrfidtechnologyrequireenhancedsecurity(oigͳ06ͳ36,may2006). 4 OIGͲ14Ͳ139

9 ofentryandpoliciesforenrollingtravelersintothettp.toreducetheriskoftheftof PII,CBPstoresauniqueidentificationnumberembeddedinTTPcardsandlocksthe RFIDmemorychiptopreventmodificationofstoreddata. CBPhastakenthefollowingactionstocreateanenvironmentandinfrastructure necessarytoenhancelegitimatetradeandtravel: x Implementedeffectivephysicalcontrolsoverthereadersandcomputer equipmentsupportingthetrustedtravelersystemsattheportsofentryvisited. Specifically,wenotedthatreaderswereprotectedfromunauthorizedaccessina lockedboxandsupportinginformationtechnologyinfrastructure (i.e.,accesstothedatabaseandservers)arelocatedwithinagated,restricted accessfacility. x Establishedatestenvironmentthatsimulateslandborderinboundand outboundinspectionoperationstotestnewandexistingapplicationsatcbp s governmenttestlanefacility. PatchProgramSupportingtheTTP CBPhasimplementedaprogramtoapplysecuritypatchesontheserversanddatabases thatsupportthettp. 3 CBPhasdevelopedpoliciesandprocedurestooutlineitspatching andchangecontrolprocessestoapplychangestothesysteminacontrolledand coordinatedmanner.additionally,cbphasinstitutedavulnerabilityassessmentteam toconductsecurityassessmentsmonthlytoidentifymissingpatchesonitssystems. Lastly,CBPhascreatedtestingenvironmentstoobservetheeffectsofsecuritypatches priortodeployingtoproductionsystems. RFIDTagSecurity WeusedacommerciallyavailableRFIDtagreadertoaccesstheinformationstoredon TTPcardsatselectedportsofentryalongthenorthernandsouthernbordersand evaluatedtheeffectivenessofsecuritycontrolsimplementedonttpcards.we simulatedthesameprocessusedbycbp srfidreaderandattemptedtorecordttp enrollees informationwithourownreader,asthetravelersenteredthelanes.we verifiedthatcbpdidnotstoreanypiionthettpcardsandonlytheunique identificationnumberwaspresent.intheeventthatanattackerobtainedthis informationtoproduceaduplicatecard,cbpofficerscanminimizethethreatby 3 Asecuritypatchisanupdatedesignedtofixvulnerabilitiesinapplicationsoroperatingsystems. 5 OIGͲ14Ͳ139

10 verifyingthetravelers PIIandpicturepresentedontheirterminal.Weperformed testingateightportsofentry,withdifferentlanetypes,todetermineifcbpconsistently implementedtherfidtechnologyacrossthettp.figure4depictsportsofentryvisited andspecificttpsubprogramspresentattheseports. PortofEntry FAST SENTRI NEXUS RainbowBridge(NewYork) X X WhirlpoolBridge(NewYork) X PeaceBridge(NewYork) X X PeaceArch(Washington) X X PacificHighway(Washington) X X SanYsidro(California) X X Calexico(California) X X OtayMesa(California) X X Figure4.PortsofEntryVisitedandTTPSubprograms WhileCBPhadtakenactionstosecuretravelers PII,includingsafeguardstolessenthe risksofusingrfidtechnology,weidentifieddeficienciesinotherareasofttpthatneed improvements.specifically,weidentifieddeficienciesincbp simplementationof DepartmentofHomelandSecurity s(dhs)baselineconfigurationsettings,and personneloverseeingttpsystemshavenotreceivedtherequiredspecializedtraining annually. 4 ImprovementsNeededonSystemSecurityControls CBPhadnotimplementedalltherequiredDHSsecurityconfigurationsettingson itswindowsandoracleͳlinuxservers,whichmayallowunauthorizedindividuals togainaccesstosensitivedatausedtosupportthettp. 5 Toassessthe effectivenessofcontrolsimplementedonttpserversanddatabase,we interviewedselectedinformationtechnologyandprogrammanagement personnel.inaddition,wereviewedtheconfigurationsettingsonselected serversforcompliancewithapplicabledhsbaselineconfigurationguidance.we alsoreviewedtheconfigurationsettingsontheoracledatabasethatstoresthe PIIusedtoverifytravelerrecords. DHSestablishedbaselineconfigurationsettingsthatprovidetheguidelinesand parametersforensuringaminimumbaselineofsecuritywheninstallingor 4 Baselineconfigurationsettingsprovidesystemanddatabaseadministratorswithproceduresthatwillensurea minimumbaselineofsecurityintheinstallationandconfigurationofthehardwareandsoftware. 5 OracleͲLinuxistheserveroperatingsystemthatisusedtohostthedatabasetostoretraveler spii. 6 OIGͲ14Ͳ139

11 configuringoperatingsystems.theguidelinesincludecontrolsforuseraccess, passwordmanagement,auditing,andservices.thesesettingshelpsecurethe confidentiality,integrity,andavailabilityoftheinformationandsystem. TheresultsofourauditrevealedthatCBPhadimplemented85percentofthe selectedsecuritycontrolsoutlinedinthedhsbaselineconfigurationguidance fororacledatabases.cbpmanagementhadeitherobtainedawaiverfromdhs nottoimplementthesettingsordocumentedtheconfigurationmanagement deviationsweidentifiedinplansofactionandmilestones. 6 However,we identifiedthefollowingconfigurationsettingdeficienciesthatmaybeexploited onthewindowsandoracleͳlinuxserversifnotaddressedtimely: x MinimumpasswordageonWindowsandOracleͲLinuxserverswassetto permituserstochangetheirpasswordmorefrequentlythanrequired, whichmayallowtheusertochangetoafavoritepasswordquicker.this wouldallowausertouseafavoritepasswordrepeatedlyandforalonger periodoftime,whichincreasesthepossibilityofcompromised passwords.dhsrequiresthepasswordagebesetforaminimumof7 daysonlinuxservers,and1dayforwindowsservers.accordingtothe Windowsadministrators,thedeviationisessentialforpassword managementandcbphasimplementedpasswordhistorytoprevent usersfromreusingoldpasswords. 7 x Theaudittrailwassettorecordonlyunsuccessfulsystemevents(e.g., systemshutdown,timechanged).recordingthecorrecttypeofsystem eventisimportanttoreconstructsecurityincidents.dhsrequiresonly successfulsystemeventsberecorded. x x DHSrequirestheuseofWindowsNTLANManagerversion2,to authenticatetheidentityofusersandothersystems.however,cbpused anolderandlesssecureversionofauthenticationprotocol. DHSprohibitstheuseofanunrestricteduseraccount(i.e.,root)tolog intosystemsthroughanencryptedconnection.whentherootaccountis sharedbetweendifferentadministratorsactionstakenthroughan encryptedconnection,suchasmodificationoffiles,cannotbetracked. 6 Aplanofactionandmilestoneisatoolidentifyingtasksthatneedtobeaccomplished. 7 Passwordhistorysetshowfrequentlyoldpasswordscanbereused.Thissettingcanbeusedtodiscourageusers fromchangingbackandforthbetweenasetofcommonpasswords. 7 OIGͲ14Ͳ139

12 CBPconfigureditsLinuxoperatingsystemstoallowrootuserstologinon encryptedconnections. Withoutimplementingtherequiredconfigurationsettings,CBPcannotensure thatthesystemthatsupportsitsttpissecuredandprotectedfrom unauthorizedaccess.further,rfidsystemsoperatingwithouttherequired configurationsettingsincreasesthepossibilitythatmalicioususerscan circumventthesecuritycontrolsprotectingcbpsystems. Recommendation WerecommendthattheAssistantCommissionerandChiefInformationOfficer: Recommendation#1: ImplementtherequiredDHSsensitivesystemsconfigurationsettingson WindowsandOracleͲLinuxserversthatsupporttheTTPoraccepttheriskby documentingthedeviationsinthesystemsecurityplan. ManagementCommentsandOIGAnalysis CBPconcurredwithrecommendation1.CBPwillevaluatethecurrentsettingson WindowsandLinuxanddeterminetheneedtoimplementtherequiredsettings. CBPestimatesthecorrectiveactionswillbecompletedbyFebruary28,2015. WeagreethatthestepsCBPistaking,andplanstotake,begintosatisfythis recommendation.thisrecommendationwillremainopenandresolveduntilcbp providessupportingdocumentationthatallplannedcorrectiveactionsare completed. SpecializedTrainingNeededToEnsureSensitiveTTPDataisSecured Theadministrators,whoareresponsibleformanagingtheglobalenrollment systemanditssubsystems,havenotreceivedtherequiredspecializedtraining withinthepastyear.sincetheglobalenrollmentsystemholdsttpparticipants PII,itiscriticalthatadministratorsobtaintherequiredtrainingtoproperly securethedata.ourauditoftrainingrecordsfor14technicalpersonnel (e.g.,informationsystemssecurityofficers,systemadministrators)revealed thatwhileallhadtakentherequireddhssecurityawarenessandprivacy 8 OIGͲ14Ͳ139

13 awarenesstraining,only2hadtakenspecializedtrainingwithintherequired timeframe. DHSrequiresthatpersonnel,contractors,andothersworkingonbehalfofDHS withsignificantsecurityresponsibilitiesshallreceiveinitialspecializedtraining andthereafterrefreshertrainingannuallyspecifictotheirsecurity responsibilities.cbpmustprovideseniormanagers,systemowners,and informationtechnologyprojectmanagersspecializedsecurityͳrelatedtraining. DuetoalackoffundingandtheDepartment sdiscontinuationofthespecialized, technicaltrainingcourses,cbpcouldnotsenditspersonnelwithsignificant responsibilitiestotraining,suchasthedhsinfosecintroductoryinformation SystemSecurityOfficerandtheDHSINFOSECSystemAdministratorcourses.CBP officialstoldusthatdhshadnotdevelopedanynewtechnicaltrainingto replacediscontinuedcoursesandtherewerenoindicationstodoso.further, CBPdoesnothavesufficientresourcestoprovidethesecoursesbutwill continuetoaccessthetechnicaltrainingavailablewithinthecbpvirtual LearningCenteranddevelopreplacementtrainingcourses. Withoutspecializedtraining,technicalpersonnelmaynotpossesstheskills necessarytoperformtheirassignedsecurityresponsibilitiestosafeguardpii data.specializedtrainingisofparticularimportancetothosewithaccesstothe globalenrollmentsystembecausethissystemcontainspiiusedinthe productionofttpcards. Recommendation WerecommendthattheAssistantCommissionerandChiefInformationOfficer: Recommendation#2: Providetechnicalstaffwiththerequiredspecializedtrainingsandskillsnecessary toproperlysecuretheglobalenrollmentsystemandthesensitiveinformation residingwithinthesystem. CBPconcurredwithrecommendation2.CBPplanstoaugmentitsroleͲbased securityprogramoverthenextseveralmonthstoincludeadditionalcoursesby March31, OIGͲ14Ͳ139

14 ManagementCommentsandOIGAnalysis WeagreethatthestepsCBPistaking,andplanstotake,begintosatisfythis recommendation.thisrecommendationwillremainopenandresolveduntilcbp providessupportingdocumentationthatallplannedcorrectiveactionsare completed OIGͲ14Ͳ139

15 AppendixA Objectives,Scope,andMethodology TheDepartmentofHomelandSecurityOfficeofInspectorGeneralwasestablishedby thehomelandsecurityactof2002(publiclaw107о296)byamendmenttothe InspectorGeneralActof1978.Thisisoneofaseriesofaudit,inspection,andspecial reportspreparedaspartofouroversightresponsibilitiestopromoteeconomy, efficiency,andeffectivenesswithinthedepartment. TheobjectiveofourauditwastodeterminewhetherCBPhaseffectivelymanagedthe implementationofrfidtechnology.specifically,wedeterminedwhethercbphas accomplishedthefollowing: x x x x Developedadequatepoliciesandprocedurestoensuretheconfidentiality, integrity,andavailabilityofdatacontainedonrfidtags,readers,and databases. ImplementedeffectivesecuritycontrolsonitsRFIDdevicestoprotectthe sensitivedatacollected,processed,andgenerated. DevelopedeffectivepoliciesandprocedurestoprotectthePIIcollectedbyand storedontherfidsystem. CompliedwithapplicableDHSinformationsecurityprogramrequirementson RFIDsystems. OurauditfocusedonCBP suseandmanagementofrfidtechnologyforlandborder managementincompliancewithapplicablecriteriaandrequirementsoutlinedinthe DHS4300ASensitiveSystemsHandbook(July2012),DHS4300ASensitiveSystemsPolicy (May2013),DHSHandbookforSafeguardingSensitivePersonallyIdentifiable Information(March2012),DHSBaselineConfigurationGuidance,andNationalInstitute ofstandardsandtechnologyspecialpublication800ͳ98,guidelinesforsecuringrfid Systems(April2007),andSpecialPublication800Ͳ53,SecurityandPrivacyControlsfor FederalInformationSystemsandOrganizations(April2013).Weinterviewedselected programofficialsandtechnicalstafftodiscussthettp,technicaltesting,andany privacyincidentsinvolvingrfid. Weconductedourworkattheprogramlevelandvisitedlandbordercrossingsin Buffalo,NewYork,andBlaineandLynden,Washington,ontheNorthernborder,and Calexico,OtayMesa,andSanYsidro,California,ontheSouthernborder.Wevisitedthe 11 OIGͲ14Ͳ139

16 GovernmentTestLaneFacilityinVirginiatoobtainanoverviewoftheRFIDlanesand testourequipment.weperformedtechnicaltestingtochecksecuritycontrols,identify knownsecurityvulnerabilities,andevaluatewhethercbpconfiguresitsrfiddevicesin accordancewithapplicablepoliciesandstandards.weconductedvulnerability assessmentsandanalysisusingtenablenessusandapplicationdetectiveonsupporting serversanddatabasesthatsupportthettp. WeconductedthisperformanceauditbetweenNovember2013andMarch2014 pursuanttotheinspectorgeneralactof1978,asamended,andaccordingtogenerally acceptedgovernmentauditingstandards.thosestandardsrequirethatweplanand performtheaudittoobtainsufficient,appropriateevidencetoprovideareasonable basisforourfindingsandconclusionsbaseduponourauditobjectives.webelievethat theevidenceobtainedprovidesareasonablebasisforourfindingsandconclusions baseduponourauditobjectives OIGͲ14Ͳ139

17 AppendixB ManagementCommentstotheDraftReport 13 OIGͲ14Ͳ139

18 14 OIGͲ14Ͳ139

19 AppendixC MajorContributorstoThisReport ChiuͲTongTsang,Director TarshaCary,AuditManager ShannonE.Frenyea,SeniorProgramAnalyst ThomasRohrback,SeniorITSpecialist MeganRyno,ProgramAnalyst Referencer,PhilipGreene 15 OIGͲ14Ͳ139

20 AppendixD ReportDistribution DepartmentofHomeland Secretary DeputySecretary ChiefofStaff DeputyChiefofStaff GeneralCounsel ExecutiveSecretary Director,GAO/OIGLiaisonOffice AssistantSecretaryforOfficeofPolicy AssistantSecretaryforOfficeofPublicAffairs AssistantSecretaryforOfficeofLegislativeAffairs CBPAuditLiaison ChiefPrivacyOfficer Commissioner,CBP AssistantCommissionerandChiefInformationOfficer,CBP ChiefInformationSecurityOfficer,CBP AssistantCommissioner,OfficeofFieldOperations,CBP OfficeofManagementandBudget Chief,HomelandSecurityBranch DHSOIGBudgetExaminer Congress CongressionalOversightandAppropriationsCommittees,asappropriate 16 OIGͲ14Ͳ139

21 ADDITIONAL INFORMATION To view this and any of our other reports, please visit our website at: For further information or questions, please contact Office of Inspector General (OIG) Office of Public Affairs at: or follow us on Twitter OIG HOTLINE To expedite the reporting of alleged fraud, waste, abuse or mismanagement, or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations, please visit our website at and click on the red tab titled "Hotline" to report. You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form. Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG. Should you be unable to access our website, you may submit your complaint in writing to: Office of Inspector General, Mail Stop 0305 Attention: Office of Investigations Hotline 245 Murray Drive, SW Washington, DC You may also call 1(800) or fax the complaint directly to us at (202) The OIG seeks to protect the identity of each writer and caller.

2IÀFHRI,QVSHFWRU*HQHUDO

2IÀFHRI,QVSHFWRU*HQHUDO 2IÀFHRI,QVSHFWRU*HQHUDO FEMA s Efforts To Collect a $23.1 Million Debt from the State of Louisiana Should Have Been More Aggressive OIG-14-134-D September 2014 Washington, DC 20528 / www.oig.dhs.gov September

More information

2IÀFHRI,QVSHFWRU*HQHUDO

2IÀFHRI,QVSHFWRU*HQHUDO 2IÀFHRI,QVSHFWRU*HQHUDO DHS Does Not Adequately Manage or Have Enforcement Authority Over Its Components' Vehicle Fleet Operations OIG-14-126 August 2014 August 21, 2014 TableofContents ExecutiveSummary...1

More information

2IÀFHRI,QVSHFWRU*HQHUDO

2IÀFHRI,QVSHFWRU*HQHUDO 2IÀFHRI,QVSHFWRU*HQHUDO FEMA s Slab Removal Waiver in Oklahoma 4117-DR-OK OIG-14-100-D June 2014 Washington, DC 20528 / www.oig.dhs.gov June 6, 2014 MEMORANDUM FOR: George A. Robinson Regional Administrator,

More information

FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices

FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices FEMA Needs To Track Performance Data and Develop Policies, Procedures, and Performance Measures for Long Term Recovery Offices October 30, 2014 OIG-15-06-D HIGHLIGHTS FEMANeedstoTrackPerformanceDataand

More information

Department of Homeland Security

Department of Homeland Security DHS System To Enable Telework Needs a Disaster Recovery Capability OIG-14-55 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 21, 2014 MEMORANDUM FOR: FROM: SUBJECT: Luke J. McCormack Chief Information

More information

Department of Homeland Security

Department of Homeland Security U.S. Citizenship and Immigration Services Tracking and Monitoring of Potentially Fraudulent Petitions and Applications for Family-Based Immigration Benefits OIG-13-97 June 2013 Washington, DC 20528 / www.oig.dhs.gov

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Management Directorate s Management Letter for FY 2013 DHS Financial Statements Audit OIG-14-73 April 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington,

More information

Department of Homeland Security

Department of Homeland Security CBP Acquisition of Aviation Management Tracking System OIG-12-104 (Revised) August 2012 August 31, 2012 Background The (DHS) has the world s largest law enforcement aviation organization. Both U.S. Customs

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Review of the Department of Homeland Security s Master List of Recovery Act Contracts and Grants American Recovery and Reinvestment Act of 2009

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Offce of Intelligence and Analysis Management Letter for FY 2012 DHS Consolidated Financial Statements Audit OIG-13-76 April 2013 OFFICE OF INSPECTOR GENERAL Department

More information

Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report

Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report Review of U.S. Coast Guard's FY 2014 Drug Control Performance Summary Report January 26, 2015 OIG-15-27 HIGHLIGHTS Review of U.S. Coast Guard s FY 2014 Drug Control Performance Summary Report January 26,

More information

2IÀFHRI,QVSHFWRU*HQHUDO

2IÀFHRI,QVSHFWRU*HQHUDO 2IÀFHRI,QVSHFWRU*HQHUDO Santa Clara Pueblo, New Mexico, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements OIG-14-128-D August 2014 Washington, DC 20528 I www.oig.dhs.gov

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Special Review of the Science and Technology Directorate s Contracts with a Small Business (Summary) OIG-10-103 July 2010 Office of Inspector

More information

2IÀFHRI,QVSHFWRU*HQHUDO

2IÀFHRI,QVSHFWRU*HQHUDO 2IÀFHRI,QVSHFWRU*HQHUDO FEMA Should Recover $8.0 Million of $26.6 Million in Public Assistance Grant Funds Awarded to St. Stanislaus College Preparatory in Mississippi Hurricane Katrina OIG-14-95-D May

More information

Department of Homeland Security

Department of Homeland Security FEMA Public Assistance Grant Funds Awarded to South Florida Water Management District Under Hurricane Charley DA-12-23 August 2012 Washington, DC 20528 / www.oig.dhs.gov AUG 2 7 2012 MEMORANDUM FOR: agement

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security United States Secret Service s Management Letter for FY 2013 DHS Financial Statements Audit OIG-14-74 April 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland Security

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Insurance Allocations to FEMA Public Assistance Grant Funds Awarded to the Administrators of the Tulane Educational Fund, New Orleans, Louisiana DD-12-10 April 2012 Office

More information

Department of Homeland Security

Department of Homeland Security Implementation Status of EINSTEIN 3 Accelerated OIG-14-52 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 24, 2014 MEMORANDUM FOR: FROM: SUBJECT: Bobbie Stempfley Acting Assistant Secretary Office

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security National Flood Insurance Program s Management Letter for FY 2011 DHS Consolidated Financial Statements Audit (Redacted) OIG-12-71 April 2012 (Revised) Office of Inspector

More information

Department of Homeland Security

Department of Homeland Security for the Immigration and Customs Enforcement Component of the FY 2013 Department of Homeland Security s Financial Statement Audit OIG-14-85 April 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland

More information

Management Advisory - The Transportation Security Administration's Failure to Address Two Recommendations to Improve the Efficiency and Effectiveness

Management Advisory - The Transportation Security Administration's Failure to Address Two Recommendations to Improve the Efficiency and Effectiveness Management Advisory - The Transportation Security Administration's Failure to Address Two Recommendations to Improve the Efficiency and Effectiveness of Its Office of Inspection July 6, 2015 July 6, 2015

More information

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process

Department of Homeland Security Office of Inspector General. Review of U.S. Coast Guard Enterprise Architecture Implementation Process Department of Homeland Security Office of Inspector General Review of U.S. Coast Guard Enterprise Architecture Implementation Process OIG-09-93 July 2009 Contents/Abbreviations Executive Summary...1 Background...2

More information

Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements

Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements Gwinnett County, Georgia, Generally Accounted for and Expended FEMA Public Assistance Grant Funds According to Federal Requirements February 20, 2015 HIGHLIGHTS Gwinnett County, Georgia, Generally Accounted

More information

Actions Taken by the Federal Emergency Management Agency in Response to an Allegation Concerning the Application for a Station Construction Grant

Actions Taken by the Federal Emergency Management Agency in Response to an Allegation Concerning the Application for a Station Construction Grant Actions Taken by the Federal Emergency Management Agency in Response to an Allegation Concerning the Application for a Station Construction Grant Submitted by the University City, Missouri, Fire Department

More information

Department of Homeland Security. U.S. Coast Guard s Maritime Patrol Aircraft

Department of Homeland Security. U.S. Coast Guard s Maritime Patrol Aircraft Department of Homeland Security OIG-12-73 (Revised) August 2012 August 31, 2012 Office of Inspector General U.S. Department of Homeland Security Washington, DC 20528 August 31, 2012 Preface The Department

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Final Letter Report: Potential Duplicate Benefits Between FEMA s National Flood Insurance Program and Housing Assistance Programs OIG-09-102

More information

The City of Atlanta, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in September 2009

The City of Atlanta, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in September 2009 The City of Atlanta, Georgia, Effectively Managed FEMA Public Assistance Grant Funds Awarded for Severe Storms and Flooding in September 2009 May 19, 2015 DHS OIG HIGHLIGHTS The City of Atlanta, Georgia,

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security United States Coast Guard s Management Letter for FY 2012 DHS Consolidated Financial Statements Audit OIG-13-59 April 2013 OFFICE OF INSPECTOR GENERAL Department of Homeland

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Review of Costs Invoiced by the City of San Antonio Relating to the San Antonio International Airport Terminal B Checked Baggage Screening Project Under Other Transaction

More information

Department of Homeland Security Office of Inspector General. Immigration and Customs Enforcement Management Controls Over Detainee Telephone Services

Department of Homeland Security Office of Inspector General. Immigration and Customs Enforcement Management Controls Over Detainee Telephone Services Department of Homeland Security Office of Inspector General Immigration and Customs Enforcement Management Controls Over Detainee Telephone Services OIG-10-36 January 2010 Office of Inspector General U.S.

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Vulnerabilities Highlight the Need for More Effective Web Security Management (Redacted) OIG-09-101 September 2009 Office of Inspector General

More information

Lawrence County Engineer, Ohio, Generally Accounted For and Expended FEMA Grant Funds Properly

Lawrence County Engineer, Ohio, Generally Accounted For and Expended FEMA Grant Funds Properly Lawrence County Engineer, Ohio, Generally Accounted For and Expended FEMA Grant Funds Properly June 25, 2015 OIG-15-110-D June 25, 2015 Why We Did This Lawrence County Engineer, Ohio (Lawrence), received

More information

Department of Homeland Security

Department of Homeland Security DHS Home-to-Work Transportation OIG-14-21 December 2013 OFFJCE OF lnspec."'or GENERAL Wrtshingwtl. 0(' 20:52K :' www.oii-t.db:i.go\' MEMORANDUM FOR: FROM: SUBJECT: The Honorable Rafael Borras Under Secretary

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Penetration Testing of Law Enforcement Credential Used to Bypass Screening (Unclassified Summary) OIG-09-99 September 2009 Office of Inspector

More information

Department of Homeland Security Office of Inspector General. FLETC Leases for Dormitories 1 and 3

Department of Homeland Security Office of Inspector General. FLETC Leases for Dormitories 1 and 3 Department of Homeland Security Office of Inspector General FLETC Leases for Dormitories 1 and 3 OIG-10-02 October 2009 Office of Inspector General U.S. Department of Homeland Security Washington, DC 20528

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Sales of the Federal Emergency Management Agency Travel Trailers and Mobile Homes OIG-07-41 May 2007 Office of Inspector General U.S. Department

More information

The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised)

The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised) The United States Secret Service Has Adequate Oversight and Management of its Acquisitions (Revised) February 10, 2015 OIG-15-21 HIGHLIGHTS The United States Secret Service Has Adequate Oversight and Management

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY < Office of Inspector General Letter Report: Review of DHS Financial Systems Consolidation Project OIG-08-47 May 2008 Office of Inspector General U.S. Department of Homeland

More information

Department of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application

Department of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application Department of Homeland Security Office of Inspector General Audit of Application Controls for FEMA's Individual Assistance Payment Application OIG-09-104 September 2009 Table of Contents Objectives,

More information

Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit

Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit Office of Financial Management's Management Letter for DHS' FY 2014 Financial Statements Audit April 16, 2015 OIG-15-70 HIGHLIGHTS Office of Financial Management s Management Letter for DHS FY 2014 Financial

More information

Security Concerns with Federal Emergency Management Agency's egrants Grant Management System

Security Concerns with Federal Emergency Management Agency's egrants Grant Management System Security Concerns with Federal Emergency Management Agency's egrants Grant Management System November 19, 2015 OIG-16-11 DHS OIG HIGHLIGHTS Security Concerns with Federal Emergency Management Agency s

More information

The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight

The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight The U.S. Coast Guard Travel to Obtain Health Care Program Needs Improved Policies and Better Oversight February 9, 2015 OIG-15-31 HIGHLIGHTS The U.S. Coast Guard Travel to Obtain Health Care Program Needs

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Review of DHS Security Controls for Portable Storage Devices OIG-08-95 September 2008 Office of Inspector General U.S. Department of Homeland

More information

Department of Homeland Security

Department of Homeland Security Costs Invoiced by McKing Consulting Corporation Under Order Number HSFEHQ-05-F-0438 American Recovery and Reinvestment Act of 2009 OIG-12-106 July 2012 Washington. DC 20528 1 www.oig.dhs.gov JUL 30 2012

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required for DHS Networks (Redacted) Notice: The Department of Homeland Security, Office of Inspector General, has redacted

More information

May 2, 2016 OIG-16-69

May 2, 2016 OIG-16-69 Information Technology Management Letter for the United States Secret Service Component of the FY 2015 Department of Homeland Security Financial Statement Audit May 2, 2016 OIG-16-69 DHS OIG HIGHLIGHTS

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General U.S. Customs and Border Protection s Oversight of the Permit to Transfer Process for Cargo Containers OIG-11-28 January 2011 Background Section

More information

The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program

The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program May 6, 2015 OIG-15-86 HIGHLIGHTS The Transportation Security Administration Does

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

March 17, 2015 OIG-15-43

March 17, 2015 OIG-15-43 Information Technology Management Letter for the U.S. Citizenship and Immigration Services Component of the FY 2014 Department of Homeland Security Financial Statement Audit March 17, 2015 OIG-15-43 HIGHLIGHTS

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Enhanced Configuration Controls and Management Policies Can Improve USCG Network Security (Redacted) Notice: The Department of Homeland Security,

More information

FEMA Faces Challenges in Verifying Applicants' Insurance Policies for the Individuals and Households Program

FEMA Faces Challenges in Verifying Applicants' Insurance Policies for the Individuals and Households Program FEMA Faces Challenges in Verifying Applicants' Insurance Policies for the Individuals and Households Program October 6, 2015 OIG-16-01-D DHS OIG HIGHLIGHTS FEMA Faces Challenges in Verifying Applicants

More information

FEMA Should Disallow over $4 Million Awarded to Mountain View Electric Association, Colorado, for Improper Procurement Practices

FEMA Should Disallow over $4 Million Awarded to Mountain View Electric Association, Colorado, for Improper Procurement Practices FEMA Should Disallow over $4 Million Awarded to Mountain View Electric Association, Colorado, for Improper Procurement Practices July 16, 2015 DHS OIG HIGHLIGHTS FEMA Should Disallow over $4 Million Awarded

More information

Department of Homeland Security

Department of Homeland Security FEMA s Management of Corrective Actions and Lessons Learned From National Level Exercises OIG-12-118 September 2012 Washington, DC 20528 / www.oig.dhs.gov SEP 11 2012 MEMORANDUM FOR: Timothy W. Manning

More information

Department of Homeland Security

Department of Homeland Security CBP s and USCG s Controls Over Exports Related to Foreign Military Sales OIG-13-119 September 2013 Washington, DC 20528 / www.oig.dhs.gov SEP 09 2013 MEMORANDUM FOR: Susan T. Mitchell Acting Assistant

More information

Napa County, California, Needs Additional Technical Assistance and Monitoring to Ensure Compliance with Federal Regulations

Napa County, California, Needs Additional Technical Assistance and Monitoring to Ensure Compliance with Federal Regulations Napa County, California, Needs Additional Technical Assistance and Monitoring to Ensure Compliance with Federal Regulations OIG-15-135-D August 28, 2015 August 28, 2015 Why We Did This On August 24, 2014,

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Administration of the Federal Trucking Industry Security Grant Program for FY 2004 and FY 2005 OIG-08-08 October 2007 Office of Inspector General

More information

FEMA Does Not Provide Adequate Oversight of Its National Flood Insurance Write Your Own Program

FEMA Does Not Provide Adequate Oversight of Its National Flood Insurance Write Your Own Program FEMA Does Not Provide Adequate Oversight of Its National Flood Insurance Write Your Own Program March 8, 2016 OIG-16-47 DHS OIG HIGHLIGHTS FEMA Does Not Provide Adequate Oversight of Its National Flood

More information

February 18, 2016 OIG-16-40-D

February 18, 2016 OIG-16-40-D Colorado Springs Utilities, Colorado, Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding February 18, 2016 OIG-16-40-D DHS OIG HIGHLIGHTS

More information

Department of Homeland Security Office of Inspector General. Stronger Security Controls Needed on Active Directory Systems

Department of Homeland Security Office of Inspector General. Stronger Security Controls Needed on Active Directory Systems Department of Homeland Security Office of Inspector General Stronger Security Controls Needed on Active Directory Systems OIG-10-86 May 2010 Office (!{Inspector General U.S. Department of Homeland Security

More information

OIG Deployment Activities at FEMA's Joint Field Office in Charleston, West Virginia - Yeager Airport

OIG Deployment Activities at FEMA's Joint Field Office in Charleston, West Virginia - Yeager Airport OIG Deployment Activities at FEMA's Joint Field Office in Charleston, West Virginia - Yeager Airport September 15, 2015 DHS OIG Highlights OIG Deployment Activities at FEMA s Joint Field Office in Charleston,

More information

Department of Homeland Security

Department of Homeland Security FEMA s Initial Response in New York to Hurricane Sandy OIG-13-124 September 2013 SEP 2 6 2013 M EMORANDUM FOR: Joseph L. Nimmich Associate Ad ministrator, Response and Recovery Federal Em ge y Mana ment

More information

United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit

United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit United States Secret Service's Management Letter for DHS' FY 2014 Financial Statements Audit April 8, 2015 OIG-15-58 HIGHLIGHTS United States Secret Service s Management Letter for DHS FY 2014 Financial

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Review of Immigration and Customs Enforcement Detainee Telephone Services Contract OIG-08-54 MAY 2008 Office ofinspector General U.S. Department

More information

Department of Homeland Security Office of Inspector General. Review of Management Agreements Developed for DHS' Primary Data Center

Department of Homeland Security Office of Inspector General. Review of Management Agreements Developed for DHS' Primary Data Center Department of Homeland Security Office of Inspector General Review of Management Agreements Developed for DHS' Primary Data Center OIG-10-56 February 2010 Office ofinspector General u.s. Department of

More information

Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission

Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission Review of U.S. Coast Guard's FY 2014 Detailed Accounting Submission January 23, 2015 OIG-15-28 HIGHLIGHTS Review of U.S. Coast Guard s FY 2014 Detailed Accounting Submission January 23, 2015 Why We Did

More information

FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate

FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate FEMA Insurance Reviews of Applicants Receiving Public Assistance Grant Funds for 2004 and 2005 Florida Hurricanes Were Not Adequate December 18, 2014 HIGHLIGHTS FEMA Insurance Reviews of Applicants Receiving

More information

Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry

Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry December 18, 2014 HIGHLIGHTS Inspection of U.S. Customs and Border Protection Miami Field Office Ports of Entry December

More information

DHS' Oversight of Its Workforce Training Needs Improvement

DHS' Oversight of Its Workforce Training Needs Improvement DHS' Oversight of Its Workforce Training Needs Improvement January 20, 2016 OIG-16-19 DHS OIG HIGHLIGHTS DHS' Oversight of Its Workforce Training Needs Improvement January 20, 2016 Why We Did This Audit

More information

Mount Carmel Baptist Church in Hattiesburg, Mississippi, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements

Mount Carmel Baptist Church in Hattiesburg, Mississippi, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements Mount Carmel Baptist Church in Hattiesburg, Mississippi, Needs Assistance to Ensure Compliance with FEMA Public Assistance Grant Requirements September 30, 2015 DHS OIG HIGHLIGHTS Mount Carmel Baptist

More information

Department of Homeland Security Office of Inspector General

Department of Homeland Security Office of Inspector General Department of Homeland Security Office of Inspector General Management Advisory Report: FEMA's Housing Strategy for Future Disasters OIG-09-111 September 2009 Office of Inspector General U.S. Department

More information

ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases

ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases ICE and USCIS Could Improve Data Quality and Exchange to Help Identify Potential Human Trafficking Cases January 4, 2016 OIG-16-17 DHS OIG HIGHLIGHTS ICE and USCIS Could Improve Data Quality and Exchange

More information

Results of Technical Network Vulnerability Assessment: EPA s Region 1

Results of Technical Network Vulnerability Assessment: EPA s Region 1 U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Results of Technical Network Vulnerability Assessment: EPA s Region 1 Report No. 12-P-0518 June 5, 2012 Scan this mobile code to learn more

More information

Department of Homeland Security Office of Inspector General. CBP's Construction of Border Patrol Facilities and Acquisition of Vehicles

Department of Homeland Security Office of Inspector General. CBP's Construction of Border Patrol Facilities and Acquisition of Vehicles Department of Homeland Security Office of Inspector General CBP's Construction of Border Patrol Facilities and Acquisition of Vehicles OIG-09-91 July 2009 Office of Inspector General U.S. Department of

More information

Controls Over EPA s Compass Financial System Need to Be Improved

Controls Over EPA s Compass Financial System Need to Be Improved U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Controls Over EPA s Compass Financial System Need to Be Improved Report No. 13-P-0359 August 23, 2013 Scan this mobile code to learn more

More information

Department of Homeland Security

Department of Homeland Security FEMA's Initial Response in New Jersey to Hurricane Sandy OIG-13-117 September 2013 ~ V' OFFICE (W INSPECTOR GENERAL Washin&ton, rx.; 20528! W\\-w.oig.db:..g\ SEP 6 2013 MEMORANDUM FOR: FROM: SUBJECT:

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security United States Customs and Border Protection s Management of the Federal Employees Compensation Act Program OIG-12-63 March 2012 Ojjice of Inspector Genera! u.s. Department

More information

Department of Homeland Security Office of Inspector General. DHS Risk Assessment Efforts in the Dams Sector

Department of Homeland Security Office of Inspector General. DHS Risk Assessment Efforts in the Dams Sector Department of Homeland Security Office of Inspector General DHS Risk Assessment Efforts in the Dams Sector OIG-11-110 September 2011 Office (if Inspector General u.s. Department of Homeland Security Washington,

More information

Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate Risk Remains

Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate Risk Remains Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate Risk Remains July 31, 2015 OIG-15-117 DHS OIG HIGHLIGHTS Fiscal Year 2014 Assessment of DHS Charge Card Program Indicates Moderate

More information

DHS Missing Data Needed to Strengthen its Immigration Enforcement Efforts

DHS Missing Data Needed to Strengthen its Immigration Enforcement Efforts DHS Missing Data Needed to Strengthen its Immigration Enforcement Efforts May 4, 2015 OIG-15-85 May 4, 2015 HIGHLIGHTS DHS Missing Data Needed to Strengthen Its Immigration Enforcement Efforts Why We Did

More information

September 9, 2015 OIG-15-143-D

September 9, 2015 OIG-15-143-D Rock County, Minnesota, Highway Department Has Adequate Policies, Procedures, and Business Practices to Effectively Manage Its FEMA Public Assistance Grant Funding September 9, 2015 OIG-15-143-D DHS OIG

More information

FEMA Should Recover $312,117 of $1.6 Million Grant Funds Awarded to the Pueblo of Jemez, New Mexico

FEMA Should Recover $312,117 of $1.6 Million Grant Funds Awarded to the Pueblo of Jemez, New Mexico FEMA Should Recover $312,117 of $1.6 Million Grant Funds Awarded to the Pueblo of Jemez, New Mexico March 21, 2016 DHS OIG HIGHLIGHTS FEMA Should Recover $312,117 of $1.6 Million Grant Funds Awarded to

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required For Transportation Security Administration Networks (Redacted) Notice: The Department of Homeland Security, Office

More information

DEPARTMENTAL DIRECTIVE

DEPARTMENTAL DIRECTIVE ADMINISTRATIVE COMMUNICATIONS SYSTEM U.S. DEPARTMENT OF EDUCATION DEPARTMENTAL DIRECTIVE OIG: 1-103 Page 1 of 5 (10/04/2012) Distribution: All Department of Education Employees Approved by: /s/ Kathleen

More information

Department of Homeland Security Office of Inspector General. FEMA s Management of Disaster Assistance Employee Deployment and Payroll Processes

Department of Homeland Security Office of Inspector General. FEMA s Management of Disaster Assistance Employee Deployment and Payroll Processes Department of Homeland Security Office of Inspector General FEMA s Management of Disaster Assistance Employee Deployment and Payroll Processes OIG-10-115 September 2010 Office ofinspector General U.S.

More information

Department of Homeland Security

Department of Homeland Security FEMA Public Assistance Grant Funds Awarded to Ochsner Clinic Foundation, New Orleans, Louisiana DD-12-15 June 2012 June 20, 2012 We conducted this performance audit between September 15, 2011, and January

More information

2008 FISMA Executive Summary Report

2008 FISMA Executive Summary Report 2008 FISMA Executive Summary Report PUBLIC REDACTED VERSION September 29, 2008 4B M E M O R A N D U M September 29, 2008 To: From: Lew Walker, Acting Chief Information Officer H. David Kotz, Inspector

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security The State of Arizona s Management of Urban Areas Security Initiative Grants Awarded During Fiscal Years 2007 through 2009 OIG-12-61 March 2012 Office of Inspector General

More information

Close-Out of Complaint on Metropolitan Water Reclamation District of Greater Chicago Incurring Inappropriate Expenses on Recovery Act Projects

Close-Out of Complaint on Metropolitan Water Reclamation District of Greater Chicago Incurring Inappropriate Expenses on Recovery Act Projects U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Close-Out of Complaint on Metropolitan Water Reclamation District of Greater Chicago Incurring Inappropriate Expenses on Recovery Act Projects

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Review of FEMA s Use of Proceeds From the Sales of Emergency Housing Units OIG-08-23 DO NOT DISTRIBUTE WITHOUT OIG AUTHORIZATION DRAFT REPORT

More information

U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits

U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits

More information

SEP 2 7 2011. Regional Administrator, Region VI Federal Emergency Management Agency

SEP 2 7 2011. Regional Administrator, Region VI Federal Emergency Management Agency Office ofinspector General u.s. Department of Homeland Security Washington, DC 20528 Homeland Security SEP 2 7 2011 MEMORANDUM FOR: FROM: SUBJECT: Tony Russell Regional Administrator, Region VI Federal

More information

Department of Homeland Security

Department of Homeland Security Improvements Needed To Strengthen the Customs-Trade Partnership Against Terrorism Initial Validation Process for Highway Carriers OIG-12-86 June 2012 Washington, DC 20528 / www.oig.dhs.gov JUN 1-2012 MEMORANDUM

More information

Accurate Reporting and Oversight Needed to Help Manage DHS' Warehouse Portfolio

Accurate Reporting and Oversight Needed to Help Manage DHS' Warehouse Portfolio Accurate Reporting and Oversight Needed to Help Manage DHS' Warehouse Portfolio OIG-15-138 August 28, 2015 DHS OIG HIGHLIGHTS Accurate Reporting and Oversight Needed to Help Manage DHS Warehouse Portfolio

More information

EVALUATION OF CONTROLS OVER DISBURSEMENTS OF MATURED ENDOWMENT LIFE INSURANCE AWARDS

EVALUATION OF CONTROLS OVER DISBURSEMENTS OF MATURED ENDOWMENT LIFE INSURANCE AWARDS EVALUATION OF CONTROLS OVER DISBURSEMENTS OF MATURED ENDOWMENT LIFE INSURANCE AWARDS Increased oversight of high risk disbursements will reduce the potential for fraud. Report No.: 8R1-B12-056 Date: January

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Audit of the Federal Emergency Management Agency s Public Assistance Grant Funds Awarded to the Macon Water Authority After Tropical Storm Alberto

More information

CBP Needs Better Data to Justify Its Criminal Investigator Staffing

CBP Needs Better Data to Justify Its Criminal Investigator Staffing CBP Needs Better Data to Justify Its Criminal Investigator Staffing April 29, 2016 OIG-16-75 DHS OIG HIGHLIGHTS CBP Needs Better Data to Justify Its Criminal Investigator Staffing April 29, 2016 Why We

More information

Department of Defense

Department of Defense OFFICE OF THE INSPECTOR GENERAL Department of Defense Additional Information and Copies To obtain additional copies of this audit report, contact the Secondary Reports Distribution Unit of the Analysis,

More information

Border Security: U.S. Customs and Border Protection Provides Integrity-Related Training to Its Officers and Agents throughout Their Careers

Border Security: U.S. Customs and Border Protection Provides Integrity-Related Training to Its Officers and Agents throughout Their Careers 441 G St. N.W. Washington, DC 20548 August 28, 2013 The Honorable Mary Landrieu Chairman The Honorable Dan Coats Ranking Member Subcommittee on Homeland Security Committee on Appropriations United States

More information

Evaluation Report. The Social Security Administration s Cloud Computing Environment

Evaluation Report. The Social Security Administration s Cloud Computing Environment Evaluation Report The Social Security Administration s Cloud Computing Environment A-14-14-24081 December 2014 MEMORANDUM Date: December 17, 2014 Refer To: To: From: The Commissioner Inspector General

More information