Management Alert – Risks Associated with Information Technology Applications

Audit Reports

Jul

2020

Report Number:

20-251-R20

Report Type:

Audit Reports

Category: Technology

Management Alert – Risks Associated with Information Technology Applications

View PDF

Introduction

While conducting an audit, we found the Postal Service allowed IT applications to operate in the production environment with substantial vulnerabilities. Although the issues identified were not directly related to the scope of the audit, they are security weaknesses that warrant management’s attention and corrective action.

Our objective is to inform the Postal Service of significant vulnerabilities associated with applications developed and maintained under this contract that did not complete the Certification and Accreditation (C&A) process.

Report Recommendations

#	Recommendation	Status	Value	Initial Management Response	USPS Proposed Resolution	OIG Response	Final Resolution
1	In coordination with Vice President, Information Technology, complete the Certification and Accreditation process to evaluate the risk associated with the six applications with expired accreditations and mitigate or formally accept the risks.	Closed	$0	Agree
2	Issue a Failure to Comply letter if the conditional accreditation requirements for the six applications are not met.	Closed	$0	Agree

Breadcrumb

Audit Reports

Management Alert – Risks Associated with Information Technology Applications

Report Recommendations