The State Department’s Office of Inspector General (OIG) has issued a new report that flags security control issues for a data analytics test network and internal case management system operated by the Bureau of Consular Affairs’ Office of Fraud Prevention Programs (OFPP), and reported that OFPP is taking steps to resolve the problem.
The security control issue was one of several items that OIG reported on from an inspection it conducted between March and June of this year.
Among its findings are that OFPP’s case management system “did not have adequate security controls to protect information residing on it, as required by the Federal Information Processing Standards Publication 199.” It said the case management system was developed in 2008 as a SharePoint site to maintain records involving “possible consular malfeasance,” but that the office did not assess the system to determine the sensitivity of its information or commensurate security controls to protect the information.
According to OIG, OFPP management was unaware that the system had never undergone such an assessment, and recommended that the Bureau of Consular Affairs perform an assessment and implement appropriate security controls. “Without applying appropriate controls, the case management system and its information are vulnerable to unauthorized access or compromise,” OIG said.
The Bureau of Consular Affairs said it concurred with the recommendation, and said it is targeting a compliance date of November 2018. As a result, OIG said it considers the recommendation to be resolved.
Elsewhere in its report, OIG issued positive commentary on OFPP’s work on a strategy to strengthen U.S. border security through data analytics, and offered separate recommendations to improve several aspects of the office’s work including assessing the value of programs developed for internal use, recording training activities, and exercising oversight of labor-hour contracts.
OIG noted that among OFPP’s goals in the FY2018-2020 period are to build capacity to analyze a range of information available from consular systems and other Federal agencies to help prevent and deter fraud across the full range of consular services, and to strengthen and support fraud prevention programs at all visa and passport facilities including providing adjudicators with training, guidance, and analysis.
