CBP Accounted for Its Firearms but Did Not Always Account for Ammunition or Monitor Storage Facilities

U.S. Customs and Border Protection (CBP) accounted for firearms but did not always maintain accurate records for firearm locations or quantities of ammunition, as required. During the physical inventory of firearms in storage at 12 sites, the Office of Inspector General (OIG) identified 126 firearms not located at the address indicated in CBP’s system of record. CBP also did not ensure ammunition control, accountability, and loss reporting complied with policy requirements for sensitive assets. These issues occurred because CBP did not emphasize controls over ammunition. As a result, CBP may not know whether ammunition has been lost, stolen, properly accounted for, or provided to officers for unofficial training and practice.

Infamous Chisel

A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones.

CBP Outbound Inspections Disrupt Transnational Criminal Organization Illicit Operations (REDACTED)

CBP is responsible for detecting, deterring, and disrupting transnational organized crime that threatens U.S. security interests at and beyond the border. This audit was conducted to determine the extent to which CBP uses outbound inspections to prevent the illegal exportation of currency, firearms, explosives, ammunition, and narcotics at land ports of entry (POE). Three recommendations were made to improve CBP’s policies and procedures for conducting outbound inspections at land POEs.

ICE Should Improve Controls to Restrict Unauthorized Access to Its Systems and Information

U.S. Immigration and Customs Enforcement (ICE) did not consistently implement effective access controls to restrict access to its network and information technology (IT) systems. Although ICE took a multi-layered approach to managing access for personnel who change positions or leave the component altogether, we determined that ICE did not consistently manage or remove access when personnel separated or changed positions. For example, 84 percent of the accounts for separated personnel we examined remained active beyond the individual’s last workday. Additionally, ICE did not monitor and configure privileged user access, service accounts, and access to sensitive security functions as required. These deficiencies stemmed from insufficient internal controls and oversight of user account management and compliance to ensure access controls were administered appropriately and effectively to prevent unauthorized access.

FEMA Did Not Always Secure Information Stored on Mobile Devices to Prevent Unauthorized Access

Mobile devices, such as smartphones and tablets, are critical for FEMA’s workforce to successfully complete its mission. While mobile devices increase workforce mobility and productivity, they also introduce risks including cyber threats or loss of sensitive government data. An audit was conducted to determine whether FEMA secures its mobile devices to safeguard information. Four recommendations were made. 
Translate »