This page contains information about recommendations that remain open because the OIG determined that the Department had not fully implemented corrective actions. The OIG reports the funds put to better use, questioned costs, restitution, funds returned to the Department, and penalties and court costs associated with all recommendations in its Semiannual Reports to Congress.
Open Recommendations
Update and implement existing configuration management procedures for all servers and services on the production network to enforce changing default credentials before the server is connected to the network.
Update and implement vulnerability management procedures to ensure that security vulnerabilities involving anonymous access, default credentials, and vulnerable services are identified, monitored, and remediated.
Ensure application security controls are implemented in the WAPA development Portal to protect against known types of attacks, including cross-site scripting and unauthorized actions.
Update existing web application security risk assessment and testing processes for the WAPA Portal and remediate known web application vulnerabilities.
Update the vulnerability identification and software patch management process to ensure vulnerabilities are appropriately monitored and patches are applied in a timely manner.