In accordance with Section 406 of the Cybersecurity Act of 2015, we inspected DOI’s policies, procedures, and practices for securing its computer networks and systems for all covered systems related to logical access control policies and practices, use of multifactor authentication, software inventory, threat prevention, and contractor oversight.
DOI has implemented measures, such as multifactor authentication and software inventory management to reduce the risk of unauthorized access to its computer systems and prevent spending public funds on unused software. DOI, however, needs to update its logical access controls to meet current standards, ensure that its mobile computing devices are encrypted and securely configured, and obtain the ability to inspect encrypted traffic for malicious content.