The GSA Office of Inspector General, Office of Audits conducted an audit of a GSA information technology (IT) system. Our audit objectives were to: (1) assess the security controls in place to protect the confidentiality, integrity, and availability of both the IT system and network resources; (2) assess the oversight of required security controls; and (3) determine whether the security controls in place meet the standards set by the Federal Information Security Modernization Act of 2014 and GSA IT policy.
We found that GSA needs to strengthen its oversight of the IT system to ensure sensitive data is protected. Our report included three findings and four recommendations related to IT security controls. The GSA Chief Information Officer agreed with our report recommendations.
Our report contains information that the GSA Office of Inspector General has determined is sensitive and, if disclosed, may adversely affect information security. Therefore, our report is restricted from public release.
