The Department of Justice (DoJ) Office of the Inspector General (OIG) issued a report on Wednesday, May 29, detailing more than 1,000 recommendations from the OIG that that remain outstanding, including a selection of recommendations related to cybersecurity or IT.
Some of the most recent recommendations listed in the report relate to cybersecurity and notifying victims of cyberattacks. The OIG list cites a recent report from March that lays out 13 recommendations for the FBI and Office of the Deputy Attorney General to improve data input and to notify victims in a timely manner, all of which DoJ agreed to implement.
Other recommendations for the department have been in progress for a much longer time, however. Two recommendations from 2015 on acquiring technology to preserve text messages and images for a “reasonable period of time” remain not fully implemented, although DoJ agreed to implement them. The report also recommended technology to proactively monitor text messages for potential misconduct.
Finally, the OIG summary of incomplete recommendations touches on the FBI’s insider threat program, calling back to a report from 2017. The report includes six recommendations that the FBI agreed to implement, but has not yet completed. Those recommendations include: the need for technological solutions to avoid stand-alone systems; assigning an agency to conduct and maintain a comprehensive inventory of classified networks and IT assets; and ensuring that user activity monitoring extends to all classified systems.