Federal Manager's Daily Report

The Justice IG found widespread noncompliance and outdated IT supply chain guidance.

An inspector general audit has found that both the Justice Department and its subagency the FBI are at risk because of weaknesses in their Cyber Supply Chain Risk Management (C-SCRM) programs for assessing vulnerabilities and threats from commercially purchased IT products and services.

The Justice Management Division, which runs a program for entities other than the FBI, “lacked the personnel resources to effectively manage its C-SCRM program, resulting in widespread noncompliance, outdated C-SCRM guidance, inadequate threat assessments, and insufficient mitigation and monitoring actions. These weaknesses increase the risk of introducing products or services into DOJ’s IT environment that could compromise the integrity of its systems and data,” a report said.

It said that at the time of the audit, that division had just one employee primarily responsible for managing the program, the guidance “did not include any monitoring and oversight provisions” and the office “had not taken steps to ensure Department components were compliant with its requirements.” In a review of components other than the FBI, it found that only the ATF and DEA were compliant.

It said that while the FBI’s own program is more modern, “it too has several processes and deliverables in need of enhancement. In fact, we found that FBI procurement officials often improperly bypassed its C-SCRM program entirely, due in part to a misunderstanding or unawareness of the C-SCRM requirements.” The amount of those purchases over 2017-2021 could total in the hundreds of millions of dollars through procedures applying to purchases above $10,000, it said, plus an unknown amount spent on purchase cards below that level.

The report made more than a dozen recommendations, some applying at the departmental level and others to one or more components, with which management concurred.
