Return to the USDOJ/OIG Home Page

Select Application Controls Review of the Federal Bureau of Prisons's Sentry Database System

Report No. 03-25
July 2003
Office of the Inspector General

Appendix IX
OFFICE OF THE INSPECTOR GENERAL, AUDIT DIVISION
ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT

The BOP's response to the audit (Appendix VIII) describes the actions taken or plans for implementing our recommendations. This appendix summarizes our response and the actions necessary to close the report.

Recommendation Number:

  1. Resolved. The BOP agreed to enforce the BOP Policy Standards (PS) 5100.07, which states that all Community Corrections Offices (CCOs) are to use the BP-337 for inputting initial inmate data as the sole source document by July 1, 2003. To close this recommendation, the BOP needs to provide the OIG with evidence that the CCOs have received notification of the requirement.

  2. Unresolved. The BOP did not respond to the OIG recommendation to redesign the BP-337 so that mandatory information needed for tracking BOP inmates can be documented. The BOP stated the appropriate BOP personnel were not present at the exit conference to address this issue. Therefore, the BOP requested an informal meeting with the OIG to address this issue prior to providing an official response. Please contact the OIG to schedule this meeting.

  3. Unresolved. The BOP did not respond to the OIG recommendation to modify the BP-337 to indicate which source document should be used to complete each field within this form. The BOP stated the appropriate BOP personnel were not present at the exit conference to address this issue. Therefore, the BOP requested an informal meeting with the OIG to address this issue prior to providing an official response. Please contact the OIG to schedule this meeting.

  4. Resolved. The BOP agreed to update the BOP's "SENTRY System Security Guide," dated June 23, 2000, to require the routine generation and review of exception reports by December 12, 2003. To close this recommendation, the BOP needs to provide the OIG with a copy of the updated and approved "SENTRY System Security Guide."

  5. Resolved. The BOP agreed to provide the Information Security Officer with the exception reports generated from the audit logs in the time period specified by the BOP's "SENTRY System Security Guide" (SSG) by October 1, 2003. To close this recommendation, the BOP needs to provide the OIG with evidence of this occurring.

  6. Resolved. The BOP agreed to enforce the BOP's existing access control policy by properly configuring SENTRY's workstation controls. Currently, the BOP is in the process of porting SENTRY to a Web architecture. This process is projected to be completed by FY 2005. To close this recommendation, the BOP needs to provide the OIG with a copy of the documented procedures and evidence of its full implementation.

  7. Resolved. The BOP agreed to update SENTRY's General Use Manual (GUM) to reflect proper procedures for entering initial inmate records into SENTRY by December 5, 2003. To close this recommendation, the BOP needs to provide the OIG with a copy of the SENTRY's revised GUM and documented procedures.