Department of Justice (DOJ) Inspector General Michael E. Horowitz announced today the release of a Management Advisory Memorandum to the Director of the Federal Bureau of Prisons (BOP) identifying concerns with the BOP’s compliance with DOJ requirements on the use and monitoring of computers, cybersecurity, and records retention.
This memorandum arises out of DOJ Office of the Inspector General (OIG) investigations involving administrative misconduct by BOP personnel and their use of their BOP-issued Samsung mobile device. During these investigations, the OIG learned that the BOP:
- has not developed, documented, and implemented rules of behavior for employees when accessing and using DOJ electronic systems, as required by DOJ policy;
- has not required all mobile device users to review and agree to the standard DOJ General Rules of Behavior agreement and to any additional BOP-specific rules, as required by DOJ policy;
- has placed a “personal container” on BOP-issued mobile devices but has not created a list of approved, vetted Apps that may be used within the “personal container,” as required by DOJ policy; and
- has not trained mobile device users on the security risks associated with downloading unvetted Apps onto BOP-issued devices and has not instituted controls that restrict users from installing Apps on BOP-issued devices that are on the DOJ Prohibited Apps list, as required by DOJ policy.
After one of the BOP employees investigated refused to produce the BOP-issued device to the OIG for investigation, The OIG successfully petitioned a federal district court to enforce the administrative subpoenas; however, the required litigation impacted our timely access to highly-relevant evidence, delayed our investigation of serious misconduct by a BOP official, and required the OIG to use limited resources to obtain a court order to allow the OIG to access evidence on a government device.
Based on our investigations, we included four recommendations to the BOP.
Memorandum: The memorandum released today is available on the OIG’s website under “Recent Reports,” and at the following link: https://oig.justice.gov/reports/2020/i20028.pdf.
Tweet: New Management Advisory Memorandum: Recommendations for the BOP to improve policies to ensure compliance with DOJ requirements on use and monitoring of computers, cybersecurity, and records retention. https://oig.justice.gov/reports/2020/i20028.pdf