U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Management Advisory Report: Cybersecurity Breaches Highlight a Need for Improvement in Peace Corps’ Incident Response (IG-24-01-SR)

Report Information

Date Issued
Report Type
Other
Component
Agency-wide
Description
The purpose of this report is to bring to your attention needed improvements that the Office of Inspector General (OIG) identified while reviewing Peace Corps’ response process for cybersecurity incidents and its adherence to Federal and agency requirements. We reviewed the agency’s actions taken during three separate cybersecurity incidents from June 2022 through July 2023.
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

Disclaimer: Open/Closed recommendations are updated semiannually.

Office of the Chief Information Officer ensures that the network monitoring software is configured at the appropriate levels to detect and minimize Peace Corps exposure to future cybersecurity attacks.

Office of the Chief Information Officer implement adequate data logging in compliance with applicable NIST guidance.

Office of the Chief Information Officer establishes an effective incident response plan to respond to cybersecurity incidents timely.

Office of Chief Information Officer implements and updates the agency’s cybersecurity incident response plan to align with Manual Section 899 to include the Office of Inspector General and other required offices in breach notifications.

Office of Chief Information Officer ensures that the United States Computer Emergency Readiness Team and the Cybersecurity and Infrastructure Security Agency receive proper notification when Peace Corps is aware of a potential cybersecurity incident.