Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Audits, Inspections, and Evaluations

Report Number Title Issue Date Sort ascending Fiscal Year
OIG-24-65 CBP, ICE, and TSA Did Not Fully Assess Risks Associated with Releasing Noncitizens without Identification into the United States and Allowing Them to Travel on Domestic Flights - (REDACTED) 2024
OIG-24-50 TSA Made Progress Implementing Requirements of the 9/11 and TSA Modernization Acts but Additional Work Remains 2024
OIG-24-35 TSA Could Not Assess Impact of Federal Air Marshal Service Personnel Deployed to Support Southwest Border Security - (REDACTED) 2024
OIG-23-57 Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity - (REDACTED) 2023
OIG-23-44 Cybersecurity System Review of the Transportation Security Administration's Selected High Value Asset 2023
OIG-22-61 (U) Vulnerabilities Continue to Exist in TSA's Checked Baggage Screening 2022
OIG-21-69 TSA acquired CT systems that did not address all needed capabilities.  These issues occurred because the Department of Homeland Security did not provide adequate oversight of TSA’s acquisition of CT systems.  DHS is responsible for overseeing all major acquisitions to ensure they are properly planned and executed and meet documented key performance thresholds.  However, DHS allowed TSA to use an acquisition approach not recognized by DHS’ acquisition guidance.  In addition, DHS allowed TSA to deploy the CT system even though it did not meet all TSA key performance parameters.  DHS also did not validate TSA’s detection upgrade before TSA incorporated it into the CT system.  As a result, TSA risks spending over $700 million in future appropriated funding to purchase CT systems that may never fully meet operational mission needs.  We made three recommendations to improve DHS’ oversight of TSA’s CT systems acquisition.  DHS concurred with all three recommendations.  

>DHS Did Not Effectively Oversee TSA's Acquisition of Computed Tomography Systems
2021
OIG-21-68 TSA implemented 167 of the 251 (67 percent) requirements in both Acts, 55 of the 167 (33 percent) were not completed by the Acts’ established deadlines, and TSA did not complete the remaining 84 requirements.  TSA was unable to complete 33 of these requirements because the actions relied on external stakeholders acting first or depended on conditions outside of TSA's control. The shortfalls occurred because TSA did not: (1) designate a lead office to establish internal controls, conduct oversight, and provide quality assurance for implementing the legislatively mandated requirements; (2) develop formal policies and procedures to ensure consistency and accountability for implementing the requirements on time; or (3) plan or develop an effective system to maintain relevant supporting documentation for the Acts’ requirements to help ensure information accuracy, continuity, and record retrieval capability. Further, TSA had difficulty completing some mandates that required lengthy regulatory processes or coordination with and reliance on external Government and industry stakeholders.  Because TSA has not implemented all requirements, it may be missing opportunities to address vulnerabilities and strengthen the security of the Nation’s transportation systems.  TSA provided a corrective action plan but did not concur with the recommendation.

>TSA Has Not Implemented All Requirements of the 9/11 Act and the TSA Modernization Act
2021
OIG-21-66 DHS did not fully comply with the public law.  TSA and the Coast Guard prepared, and DHS submitted, a CAP to Congress in June 2020.  Although the CAP identified corrective actions for one area, it did not address four issues we consider significant.  We recommended that DHS, in consultation with TSA and Coast Guard, re-evaluate the assessment to determine if further corrective actions are needed or justify excluding significant issues from the CAP.  DHS did not concur with the recommendation, but we consider DHS’ actions partially responsive to the recommendation. We consider the recommendation open and unresolved.

>DHS Did Not Fully Comply with Requirements in the Transportation Security Card Program Assessment
2021
OIG-21-52 TSA partially complied with the Act by establishing operational processes for routine activities within its Explosives Detection Canine Team (EDCT)  program for surface transportation.  Specifically, TSA has a national training program for canines and handlers, uses canine assets to meet urgent security needs, and monitors and tracks canine assets.  However, TSA did not comply with the Act’s requirements to evaluate the entire EDCT program for alignment with its risk-based security strategy or develop a unified deployment strategy for its EDCTs for surface transportation.  We recommended that TSA coordinate with its law enforcement agency partners to conduct an evaluation of the EDCT program and develop an agency-wide deployment strategy for surface transportation consistent with TSA's Surface Transportation Risk-Based Security Strategy.  TSA concurred with both recommendations.   

>TSA Did Not Assess Its Explosives Detection Canine Team Program for Surface Transportation Security
2021
OIG-21-39 We determined that the Transportation Security Administration (TSA) did not manage the Recruitment and Hiring (R&H) contract in a fiscally responsible manner.  Specifically, TSA did not properly plan contract requirements prior to awarding the contract and did not develop accurate cost estimates for all contract modifications.  We recommended TSA establish a cross-functional requirements working group for planning and awarding the R&H re-compete efforts as well as other Personnel Futures Program contract requirements.  The working group should develop a holistic and forward-thinking acquisition strategy, as well as implement a comprehensive process for reviewing and determining requirements.  We also recommended TSA ensure Human Capital improves contract management activities including, but not limited to, requirements planning and realistic cost estimate development by obtaining additional expert resources or leveraging existing expertise.  We made two recommendations to improve TSA’s contract management.  TSA concurred with both recommendations.

>TSA Needs to Improve Its Oversight for Human Capital Contracts
2021
OIG-21-11 TSA Needs to Improve Management of the Quiet Skies Program (REDACTED) 2021
OIG-21-09 DHS Components Have Not Fully Complied with the Department's Guidelines for Implementing the Lautenberg Amendment 2021
OIG-21-05 Management Alert - FPS Did Not Properly Designate DHS Employees Deployed to Protect Federal Properties under 40 U.S.C. § 1315(b)(1) 2021
OIG-20-33 The Transportation Security Administration (TSA) does not monitor the Advanced Imaging Technology (AIT) to ensure it continues to fulfill needed capabilities.  Although the AIT met the requirement for system availability, TSA did not monitor the AIT’s probability of detection rate and throughput rate requirements set forth in TSA’s operational requirements document.  These issues occurred because TSA has not established comprehensive guidance to monitor performance of the AIT system.  Without continuous monitoring and oversight, TSA cannot ensure the AIT is meeting critical system performance requirements—a consistent weakness found in prior DHS OIG reports.  We made two recommendations designed to improve TSA’s monitoring of the AIT system.  TSA concurred with our recommendations.

>TSA Needs to Improve Monitoring of the Deployed Advanced Imaging Technology System
2020
OIG-20-28 TSA's Challenges With Passenger Screening Canine Teams (Redacted) 2020
OIG-19-56 The Transportation Security Administration’s (TSA) methods for classifying its Office of Inspection (OOI) criminal investigators as law enforcement officers were adequate and valid, but the data TSA used were not adequate or valid. TSA’s criminal investigators spend at least 50 percent of their time performing criminal investigative duties to be classified as law enforcement officers. The FY 2017 timesheet data TSA used to validate that its criminal investigators met the 50 percent requirement were not adequate and valid as the data were not always timely submitted and approved. This occurred because OOI officials lacked oversight and accountability for the timesheet submission, review, and approval processes. Further, criminal investigators and their supervisors did not always complete and approve certification forms as required to verify eligibility for premium pay. In some instances, incorrect timesheet calculations inflated the annual average of unscheduled duty hours criminal investigators worked to be eligible for premium pay. OOI management did not develop and implement guidance to review these key calculations annually. Without better oversight and valid timesheet data, TSA cannot ensure it is accurately classifying criminal investigators as law enforcement officers. TSA also may be wasting agency funds on criminal investigators ineligible to receive premium pay. We made four recommendations that, when implemented, should help TSA improve data used to classify its OOI criminal investigators as law enforcement officers. TSA concurred with all of our recommendations.

>TSA's Data and Methods for Classifying Its Criminal Investigators as Law Enforcement Officers Need Improvement
2019
OIG-19-35 The Transportation Security Administration (TSA) needs to continue to improve its retention, hiring, and training of Transportation Security Officers (TSO). Specifically, TSA needs to better address its retention challenges because it currently does not share and leverage results of TSO exit surveys and does not always convey job expectations to new-hires. TSA does not fully evaluate applicants for capability as well as compatibility when hiring new TSOs. Thus, the agency may be making uninformed hiring decisions due to inadequate applicant information and a lack of formally documented guidance on ranking potential new-hires

>TSA Needs to Improve Efforts to Retain, Hire, and Train Its Transportation Security Officers
2019
OIG-19-21 The objective was to determine whether TSA implemented proper procedures to safeguard the secure areas of our Nation’s airports and whether airports, aircraft operators, and contractors were complying with TSA’s security requirements to control access to these areas.

 

We identified vulnerabilities with various airport access control points and associated access control procedures. We made six recommendations related to standard operating procedures, deployment of new technology, identification of industry best practices, and training.

>Covert Testing of Access Controls to Secure Airport Areas
2019
OIG-19-17 As a follow-up to our 2017 report on TSA’s Federal Air Marshal Service’s (FAMS) domestic flight operations, we conducted this audit to determine the extent to which FAMS can interdict an improvised explosive device during flight. We identified vulnerabilities with FAMS’ contribution to international flight security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We made two recommendations.

>FAMS' Contribution to International Flight Security is Questionable
2019
OIG-19-16 The Department of Homeland Security (DHS) did not promptly fulfill its first requirement mandated by Public Law 114-278. Specifically, DHS delayed commissioning a comprehensive assessment of the effectiveness of the Transportation Security Card Program in enhancing security and reducing security risks for facilities and vessels. The public law required the assessment to begin no later than 60 days after its enactment. However, DHS did not award a work order for the assessment for more than a year after the deadline.  TSA only partially complied with requirements mandated by the public law. Of the six required actions, TSA partially complied with two and fully complied with four. We have concerns with aspects of TSA’s responses to all of the required actions.

>DHS' and TSA's Compliance with Public Law 114-278, Transportation Security Card Program Assessment
2019
OIG-18-88 DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

>Review of Coast Guard's Oversight of the TWIC Program
2018
OIG-18-70 Despite dedicating approximately $272 million to ground-based activities, including VIPR operations, FAMS could not demonstrate how these activities contributed to TSA’s mission. Visible Intermodal Prevention and Response (VIPR) operations, in which VIPR teams collaborate with local law enforcement to augment security at transportation hubs through an increased visible deterrent force.

FAMS could not demonstrate how these activities contributed to TSA’s mission. During our assessment of FAMS’ contributions to TSA’s layered approach to security, we determined that FAMS lacked performance measures for the 24 strategic initiatives and most ground-based activities outlined in its strategic plan. Additionally, FAMS’ VIPR operations performance measures fail to determine the program’s effectiveness. FAMS could not provide a budget breakout by division or operational area.

>FAMS Needs to Demonstrate How Ground-Based Assignments Contribute to TSA's Mission
2018
OIG-18-50 The TSA SSI Program Office's Identification and Redaction of Sensitive Security Information 2018
OIG-18-35 Special Review: TSA's Handling of the 2015 Disciplinary Matter Involving TSES Employee (Redacted) – Retracted 2018
OIG-18-27 The Transportation Security Administration (TSA) intended to expand TSA PreCheck to 25 million air travelers at a rate of more than 5 million enrollments per year. We evaluated whether the current TSA PreCheck Application Program adjudication process will allow TSA to meet its enrollment goals. TSA did not allocate additional resources or staff to the TSA Adjudication Center, which had multiple vacancies and was tasked with manually processing about 26 percent of TSA PreCheck Application Program applications. To make matters worse, in June 2016, TSA PreCheck applications surged, leaving the Adjudication Center overwhelmed with applications to process. As the application queue grew, TSA brought on detailees from other Federal agencies to assist with adjudications part time, but they did not have a significant impact. Further, the Adjudication Center relies on a manual caseload assignment and reporting process, which is inefficient for the volume of TSA PreCheck applications needing adjudication.

>TSA's Adjudication Resources are Inadequate to Meet TSA PreCheck Enrollment Goals
2018
OIG-18-04 We identified limitations with FAMS contributions to aviation security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We are making five recommendations that when implemented, should improve FAMS

 

>FAMS’ Contribution to Aviation Transportation Security is Questionable (Unclassified Summary)
2018
OIG-17-112 We conducted covert tests to determine the effectiveness of TSA's checkpoint screening equipment and screener performance in identifying and resolving potential security threats at airport security checkpoints. We identified vulnerabilities with TSA's screener performance, screening equipment, and associated procedures. Details related to our testing results presented in the report are classified or designated Sensitive Security Information. We are making eight recommendations that when implemented, should improve TSA's screening checkpoint operational effectiveness.

>Covert Testing of TSA’s Screening Checkpoint Effectiveness
2017
OIG-17-107 We determined that although a complainant alleged there were systemic security challenges in the Office of Intelligence and Analysis (OIA), there were few documented security incidents over the past 5 years, all of which OIA addressed with corrective actions.  Further, OIA has improved the effectiveness of its Field Intelligence Division and the Field Intelligence Officers by hiring qualified, experienced intelligence professionals and implementing clear policies and procedures, but it could enhance officer training.  OIA is also addressing weaknesses in coordination among its watches and perceived delays in intelligence reporting.  We made two recommendations to improve the effectiveness of OIA operations; the Transportation Security Administration (TSA) concurred with both recommendations.

>TSA's Office of Intelligence and Analysis Has Improved Its Field Operations
2017
OIG-17-45-MA The Inspector General advised the Acting Administrator of the Transportation Security Administration (TSA) regarding internal TSA guidance to employees that, if followed, would improperly delay and restrict the OIG’s access to documents.  The Management Alert contained one recommendation with which TSA concurred.

>Management Alert Regarding Inspector General Access to Information (OIG 17-45-MA)
2017
OIG-17-73 Most of the deficiencies identified by the independent public accounting firm KPMG, LLP were related to access controls for TSA’s core financial and feeder systems. The deficiencies collectively limited TSA’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that TSA, in coordination with the Department of Homeland Security’s Chief Information Officer and Acting Chief Financial Officer, make improvements to TSA’s financial management systems and associated information technology security program.

>Information Technology Management Letter for the Transportation Security Administration Component of the FY 2016 Department of Homeland Security Financial Statement Audit
2017
OIG-17-69 KPMG LLP, under contract DHS OIG, audited the Transportation Security Administration’s financial statements and internal control over financial reporting.  The resulting management letter discusses 15 observations related to internal control for management’s consideration.  The auditors identified internal control deficiencies in a number of processes, including personnel actions; property, plant, and equipment; Time and Attendance Process and Financial Disclosure Forms; and the Accounts Receivable Estimate.  These deficiencies are not considered significant and were not required to be reported in our Independent Auditors' Report on DHS’ FY 2016 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2016, included in the DHS FY 2016 Agency Financial Report.

>Transportation Security Administration's Management Letter for DHS' Fiscal Year 2016 Financial Statements Audit
2017
OIG-17-14 We determined that the Transportation Security Administration (TSA) resolved most of our recommendations from previous airport reports.  However, there are several open security control recommendations related to TSA’s Security Technology Integrated Program and one open and unresolved recommendation concerning closed-circuit TVs at John F. Kennedy International Airport.  We recommended that TSA prepare business impact analyses that comply with best practices and also establish a plan to conduct recurring reviews of the operational, technical, and management controls for securing TSA information technology systems at U.S. airports nationwide. TSA concurred with both recommendations.

>Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports (Redacted)
2017
OIG-17-04 We determined that airports do not always properly account for access media badges after they have been issued, and that the Transportation Security Administration’s (TSA) current inspection practice of relying on information reported by airports about access media badges limits its oversight of controls over badge accountability.  We made three recommendations to improve TSA’s oversight of airport access media badge controls. 

>TSA Could Improve Its Oversight of Airport Controls over Access Media Badges (Redacted)
2017
OIG-16-134 We sought to determine whether the Transportation Security Administration (TSA) has an intelligence-driven, risk-based security strategy that informs security and resource decisions across all transportation modes.

>Transportation Security Administration Needs a Crosscutting Risk-Based Security Strategy
2016
OIG-16-128 We conducted this audit to determine whether TSA’s background check processes ensure only eligible individuals receive credentials and remain in the program.

>TWIC Background Checks are Not as Reliable as They Could Be
2016
OIG-16-111-VR Verification Review of Transportation Security Administration's Screening of Passengers by Observation Techniques/Behavior Detection and Analysis Program 2016
OIG-16-91 We conducted this audit to determine the extent to which the Transportation Security Administration (TSA) has the policies, processes, and oversight measures to improve security at the National Railroad Passenger Corporation (Amtrak). TSA has limited regulatory oversight processes to strengthen passenger security at Amtrak because the component has not fully implemented all requirements from Public Law 110–53, Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act). Federal regulations require Amtrak to appoint a rail security coordinator and report significant security concerns to TSA. Although the9/11 Act requires TSA to establish additional passenger rail regulations, the component has not fully implemented those regulations. Specifically, TSA has not issued regulations to assign rail carriers to high-risk tiers; established a rail training program; and conducted security background checks of frontline rail employees. In the absence of formal regulations, TSA relies on outreach programs, voluntary initiatives, and recommended measures to assess and improve rail security for Amtrak.

>TSA Oversight of National Passenger Rail System Security
2016
OIG-16-87 We previously reported on deficiencies in information technology (IT) security controls of the Security Technology Integrated Program (STIP), a data management system that connects airport transportation security equipment (TSE) to servers. We conducted this audit to assess the current extent of the deficiencies and the actions the Transportation Security Administration (TSA) has taken to address them. Wha

>IT Management Challenges Continue in TSA's Security Technology Integrated Program (Redacted)
2016
OIG-16-50 KPMG, LLP evaluated selected general IT controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA made improvements over consistently implementing certain technical account security controls and audit log reviews. However, KPMG continued to identify general IT control deficiencies (GITCs) related to access controls for TSA’s core financial and feeder systems. New control deficiencies reflected weaknesses over controls for systems that were new to the scope of testing GITCs for the FY 2015 audit. The conditions supporting our findings collectively limited TSA’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.

>Information Technology Management Letter for the Transportation Security Administration Component of the FY 2015 Department of Homeland Security Financial Statement Audit
2016
OIG-16-32 The Transportation Security Administration (TSA) awarded a human capital services contract valued at $1.2 billion. We conducted this audit to determine the extent to which TSA is effectively monitoring and enforcing the terms and conditions of the contract. Although TSA ensures the contractor meets the terms and conditions of the human capital services contract, its oversight could be more effective. Specifically, TSA has limited options for holding the contractor accountable for performance deficiencies. There were instances in which TSA did not hold the contractor monetarily accountable for personally identifiable information violations. TSA also did not hold the contractor monetarily liable for noncompliance with statement of work requirements relating to veterans’ preference.

>TSA's Human Capital Services Contract Terms and Oversight Need Strengthening
2016
OIG-15-150 The Transportation Security Administration (TSA) conducts or oversees passenger checkpoint screening at 450 federalized airports. Passenger checkpoint screening is a process by which passengers are inspected to deter, detect, and prevent explosives, incendiaries, weapons, or other security threats from entering sterile areas of an airport or getting onboard an aircraft. As threats to transportation security evolved, TSA needed a screening technology to detect nonmetallic threats. TSA developed Advanced Imaging Technology (AIT) to screen passengers for both metallic and nonmetallic threats concealed under clothing—without physical contact. In 2013, TSA equipped all AIT with Automated Target Recognition software, which displays a box around anomalies on a generic outline of a body. Our objective was to determine the effectiveness of TSA’s AIT, Automated Target Recognition software, and checkpoint screener performance in identifying and resolving anomalies and potential security threats at airport checkpoints. The compilation of the number of tests conducted, names of the test airports, and quantitative and qualitative results of our testing is classified or designated as Sensitive Security Information. We made one recommendation that when implemented should strengthen the effectiveness of identifying and resolving security threats at airport checkpoints.

>Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints
2015
OIG-15-118 This audit is a follow-up to a 2007 Inspector General audit (OIG-07-5) of Transportation Security Administration’s (TSA) Federal Employees’ Compensation Act Program. Our objective was to determine whether TSA effectively and efficiently processed and managed workers’ compensation claims. TSA was responsive to our 2007 report recommendations and implemented internal controls across its workers’ compensation program. For example, TSA developed and implemented comprehensive policies and procedures for the submission and management of workers’ compensation claims. TSA also increased the number of workers’ compensation staff and implemented a strategy to address long-term, high-cost claims. Although TSA has made progress in addressing our prior report recommendations, we noted some additional concerns. Specifically, TSA used similar but separate functions for processing workers’ compensation claims without demonstrating increased effectiveness or efficiency in the processing or management of those claims. We also noted that TSA’s process for reviewing the accuracy of Department of Labor’s charges billed to TSA was not formally documented in its workers’ compensation policy.

>Transportation Security Administration's Management of Its Federal Employees' Compensation Act Program
2015
OIG-14-153 The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning the use of a risk-based rule by the Transportation Security Administration's (TSA) Secure Flight program that may create a vulnerability in aviation security. We assigned our Office of Inspections team currently assessing Security Enhancements to the TSA Pre?™ Initiative to review this allegation. We interviewed the whistleblower and TSA senior officials involved in the risk-based rule decision-making process. We also analyzed documentation regarding these rules to determine whether an aviation security vulnerability exists.

>Use of Risk Assessment within Secure Flight (Redacted)
2014
OIG-15-98 TSA’s multi-layered process to vet aviation workers for potential links to terrorism was generally effective. In addition to initially vetting every application for new credentials, TSA recurrently vetted aviation workers with access to secured areas of commercial airports every time the Consolidated Terrorist Watchlist was updated. However, our testing showed that TSA did not identify 73 individuals with terrorism-related category codes because TSA is not authorized to receive all terrorism-related information under current interagency watchlisting policy.

>TSA Can Improve Aviation Worker Vetting (Redacted)
2015
OIG-15-88 We audited security controls for Department of Homeland Security information technology systems at San Francisco International Airport. Five Department components—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, Management Directorate, Transportation Security Administration, and U.S. Coast Guard—operate information technology systems that support homeland security operations at this airport. Our audit focused on how these components have implemented computer security controls for their systems at the airport and nearby locations. We performed onsite inspections of the areas where information technology systems and equipment were located, interviewed departmental staff, and conducted technical tests of computer security controls. The information technology security controls implemented at these sites had deficiencies that, if exploited, could result in the loss of confidentiality, integrity, and availability of the components’ systems.

>Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport
2015
OIG-15-86 We reviewed TSA’s airport screening equipment maintenance program to determine whether TSA is properly managing its screening equipment maintenance contracts and related maintenance activities. TSA’s four maintenance contracts, which cover both preventive and corrective maintenance, are valued at about $1.2 billion. According to TSA, in fiscal year 2014, it spent about $251 million on maintenance for its screening equipment. TSA is not properly managing the maintenance of its airport screening equipment. Specifically, TSA has not issued adequate policies and procedures to airports for carrying out equipment maintenance-related responsibilities. Because TSA does not adequately oversee equipment maintenance, it cannot be assured that routine preventive maintenance is performed or that equipment is repaired and ready for operational use.

>The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program
2015
OIG-15-56 KPMG LLP reviewed the Transportation Security Administration’s (TSA) internal control over financial reporting. The management letter contains 15 observations related to internal control and other operational matters for management’s considerations. KPMG LLP noted deficiencies and the need for improvements in certain TSA processes. These deficiencies did not meet the criteria to be reported in the Independent Auditors’ Report on DHS’ FY 2014 Financial Statements and Internal Control over Financial Reporting, dated November 14, 2014, included in DHS’ fiscal year 2014 Agency Financial Report. These observations are intended to improve internal control or result in other operating efficiencies.

>Transportation Security Administration's Management Letter for DHS' FY 2014 Financial Statements Audit
2015
OIG-15-46 We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2014. KPMG, LLP evaluated selected general information technology controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA took corrective action to design and consistently implement certain technical security account controls. However, KPMG, LLP continued to identify general information technology control deficiencies related to logical access to TSA’s core financial and feeder systems. Such control deficiencies limited TSA’s ability to ensure the confidentiality, integrity, and availability of its critical financial and operational data.

>Information Technology Management Letter for the Transportation Security Administration Component of the FY 2014 Department of Homeland Security Financial Statement Audit
2015
OIG-15-45 The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA PreCheck screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA PreCheck indicator and encrypted barcode. On October 16, 2014, OSC referred this allegation to the Secretary of Department of Homeland Security (DHS). The Department subsequently requested our assistance with this allegation. We determined that TSA did not grant the traveler TSA PreCheck screening through the TSA PreCheck Application Program or managed inclusion (MI). TSA granted the traveler TSA PreCheck screening through risk assessment rules in the Secure Flight program.

>Allegation of Granting Expedited Screening through TSA PreCheck Improperly (Redacted)
2015