U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  1. Home

DOJ OIG Releases Management Advisory Memorandum of Concerns Identified with the Federal Bureau of Prisons’ Compliance with Department of Justice Requirements on the Use and Monitoring of Computers, Cybersecurity, and Records Retention

Department of Justice (DOJ) Inspector General Michael E. Horowitz announced today the release of a Management Advisory Memorandum to the Director of the Federal Bureau of Prisons (BOP) identifying concerns with the BOP’s compliance with DOJ requirements on the use and monitoring of computers, cybersecurity, and records retention.

This memorandum arises out of DOJ Office of the Inspector General (OIG) investigations involving administrative misconduct by BOP personnel and their use of their BOP-issued Samsung mobile device. During these investigations, the OIG learned that the BOP:

  1. has not developed, documented, and implemented rules of behavior for employees when accessing and using DOJ electronic systems, as required by DOJ policy;
  1. has not required all mobile device users to review and agree to the standard DOJ General Rules of Behavior agreement and to any additional BOP-specific rules, as required by DOJ policy;
  1. has placed a “personal container” on BOP-issued mobile devices but has not created a list of approved, vetted Apps that may be used within the “personal container,” as required by DOJ policy; and
  1. has not trained mobile device users on the security risks associated with downloading unvetted Apps onto BOP-issued devices and has not instituted controls that restrict users from installing Apps on BOP-issued devices that are on the DOJ Prohibited Apps list, as required by DOJ policy.

After one of the BOP employees investigated refused to produce the BOP-issued device to the OIG for investigation, The OIG successfully petitioned a federal district court to enforce the administrative subpoenas; however, the required litigation impacted our timely access to highly-relevant evidence, delayed our investigation of serious misconduct by a BOP official, and required the OIG to use limited resources to obtain a court order to allow the OIG to access evidence on a government device.

Based on our investigations, we included four recommendations to the BOP.

Memorandum: The memorandum released today is available on the OIG’s website under “Recent Reports,” and at the following link: https://oig.justice.gov/reports/2020/i20028.pdf.

###

Tweet: New Management Advisory Memorandum: Recommendations for the BOP to improve policies to ensure compliance with DOJ requirements on use and monitoring of computers, cybersecurity, and records retention.  https://oig.justice.gov/reports/2020/i20028.pdf

Posted Date
Type
Press Release
PDF Press Release
2020-03-03.pdf
Report
Management Advisory Memorandum of Concerns Identified with the Federal Bureau of Prisons’ Compliance with Department of Justice Requirements on the Use and Monitoring of Computers, Cybersecurity, and Records Retention