Board Report: 2022-IT-B-006 March 23, 2022

The Board Can Strengthen Inventory and Cybersecurity Life Cycle Processes for Cloud Systems

The Board is increasingly using cloud services to perform its mission and to meet its information technology needs. We evaluated the effectiveness of its life cycle processes for ensuring that cybersecurity risks are adequately managed for cloud systems in use.

We found that the Board's security life cycle processes are not consistently implemented for select cloud systems across the agency. Specifically, an internal Board inventory of cloud systems was incomplete, as was the inventory it provided to the governmentwide Federal Risk and Authorization Management Program. In addition, certain of the Board's life cycle activities—assessing security controls, authorizing information systems, and monitoring security controls—were not consistently performed.

This report contains recommendations designed to strengthen the Board's cloud system inventory and cybersecurity life cycle processes.