According to a report published Tuesday, GSA OIG also said TTS and GSA IT should oversee 18F’s compliance with the Federal Information Technology Acquisition Reform Act as well as address the use of unofficial email accounts on federal record exchanges.
The IG also recommended GSA IT develop training strategies for senior level leaders on IT security roles and responsibilities.
The GSA OIG Office of Inspections and Forensic Auditing led an evaluation of the 18F office due to concerns from senior GSA officials regarding potential deficiencies in business operations.
The review discovered that 18F did not follow GSA information security policies because as a result of a lack of sufficient guidance and oversight from agency leaders to meet required levels of awareness and compliance.
OIG’s review also found IT policy violations from 18F personnel including enabled authorizations through the online messaging and collaboration application called Slack which had potentially exposed personally identifiable information throughout a five-month period.