Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

ONE DHS

  • DHS Has Made Limited Progress Implementing the Continuous Diagnostics and Mitigation Program

    Executive Summary

    We determined DHS had not yet strengthened its cybersecurity posture by implementing a Continuous Diagnostics and Mitigation (CDM) Program.  DHS spent more than $180 million between 2013 and 2020 to design and deploy a department-wide continuous monitoring solution but faced setbacks.  DHS initially planned to deploy its internal CDM solution by 2017 using a “One DHS” approach that restricted components to a standard set of common tools.  We attributed DHS’ limited progress to an unsuccessful initial implementation strategy, significant changes to its deployment approach, and continuing issues with component data collection and integration.  As of March 2020, DHS had developed a key element of the program, its internal CDM dashboard.  However, the dashboard contained less than half of the required asset management data.  As a result, the Department cannot leverage intended benefits of the dashboard to manage, prioritize, and respond to cyber risks in real time.  Finally, we identified vulnerabilities on CDM servers and databases.  This occurred because DHS did not clearly define patch management responsibilities and had not yet implemented required configuration settings.  Consequently, databases and servers could be vulnerable to cybersecurity attack, and the integrity, confidentiality, and availability of the data could be at risk.  We made three recommendations for DHS to update its program plan, address vulnerabilities, and define patch management responsibilities

    Report Number
    OIG-21-38
    Issue Date
    Document File
    DHS Agency
    Fiscal Year
    2021
  • Major Management and Performance Challenges Facing the Department of Homeland Security

    Executive Summary

    Department leadership must commit itself to ensuring DHS operates more as a single entity. rather than a collection of components. The lack of progress in reinforcing a unity of effort translates to a missed opportunity for greater effectiveness. Second, Department leadership must establish and enforce a strong internal control environment typical of a more mature organization. The current environment of relatively weak internal controls affects all aspects of the Department’s mission, from border protection to immigration enforcement and from protection against terrorist attacks and natural disasters to cybersecurity. We have seen little evidence of proactive effort by leadership to view the organization holistically, to forcefully communicate the need for cooperation among components, and to establish programs or policies that ensure unity, even though such effort is a necessary precondition to unified action.

     

    Report Number
    OIG-18-11
    Issue Date
    Document File
    DHS Agency
    Oversight Area
    Fiscal Year
    2018