OIG said in a report published Wednesday its findings are based on the assessment of CDM practices that DOI implements for IT assets operated by the department's U.S. Geological Survey, Bureau of Reclamation and Bureau of Safety and Environmental Enforcement.
The CDM initiative calls for agencies to implement 15 continuous diagnostic control measures in three phases, according to the report.
Under the program's Phase 1, agencies should use automated software platforms to facilitate the development and maintenance of computer software and hardware inventories as well as implement enterprise configuration and vulnerability management measures, the IG said.
The report said that DOI failed to mitigate critical network vulnerabilities on the bureaus' IT assets as well as detect and eliminate potential malware from the IT systems.
The IG also noted that DOI's office of chief information officer did not require the bureaus to deploy the department's inventory management software on all computers, monitor computer configurations, create lists of approved software to safeguard systems from malware and comply with best practices for vulnerability mitigation and detection.
The inspector general offered six recommendations in response to the findings and in an effort to help DOI protect its IT infrastructure from potential exploitation.