U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2023 Federal Information Security Modernization Act

Report Information

Date Issued
Report Number:
50503-0011-12
Report Type
Audit
Description
As required by the Federal Information Security Modernization Act, OIG reviewed USDA's ongoing efforts to improve its information technology security program and practices during Fiscal Year 2023.
Joint Report
Yes
Participating OIG
Department of Agriculture OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

OCIO management should design and implement a process to ensure access control documentation, such as application user listings with the required data elements (i.e., account creation and recertification dates), is retained to support its system of internal controls and operational needs as required by GAO standards.

Food Safety and Inspection Service management should implement a standardized process to conduct and monitor reviews of privileged application accounts to ensure appropriate access rights.

Food Safety and Inspection Service management should implement a standardized process for the system teams to conduct, monitor, and maintain user access request forms prior to granting system access.

Research, Education, and Economics management should implement a standardized process for the system teams to conduct, monitor, and maintain user access request forms prior to granting system access.

Rural Development management should implement a standardized process for the system teams to conduct, monitor, and maintain user access request forms prior to granting system access.