Report Contents
Summary of Review
OIG reviewed the Bureau of Consular Affairs’ ConsularOne modernization program, the bureau’s initiative to modernize and consolidate approximately 90 discrete consular legacy systems into a common technology framework. These legacy systems support the bureau’s three fundamental responsibilities: the issuance of passports and other documentation to citizens and nationals, the protection of U.S. border security and facilitation of legitimate travel to the United States, and ensuring the welfare and protection of U.S. citizens abroad. CA’s Office of Consular Systems and Technology (CST) serves as the business owner for ConsularOne. OIG found that in the 10 years since the ConsularOne modernization program began in 2011, CST had conducted a very limited pilot of just one component—the customerfacing part of the electronic Consular Report of Birth Abroad—and had continued to miss deployment dates for other components under the program. OIG determined that multiple factors caused the delays in the ConsularOne modernization program, including deficiencies in leadership, management of resources, communication, project management, and information security management. OIG made 11 recommendations to address the factors contributing to the delays in the ConsularOne modernization program. In its comments on the draft report, the Bureau of Consular Affairs concurred with 6 recommendations and neither agreed nor disagreed with 5 recommendations. The bureau’s response to the recommendations and OIG’s reply can be found in the Recommendations Section of this report. OIG considers 8 recommendations resolved and 3 recommendations unresolved. The bureau’s formal written response is reprinted in its entirety in Appendix C.
Report Terms
Report Recommendations
The Bureau of Consular Affairs should review with the Office of Consular Systems and Technology leadership the deployment schedule for ConsularOne components to determine the schedule’s viability to achieve bureau requirements.
The Bureau of Consular Affairs should clearly define the ConsularOne modernization program and Consular Systems Modernization, including its components, projects, supporting contracts, and the associated total cost of those contracts for both efforts.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to hold managers and staff accountable for performance and deliverables for ConsularOne in accordance with Department standards.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to implement an internal communication and collaboration plan.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to implement a plan for communication and collaboration with its stakeholders that would promote feedback, as well as promote the understanding of the stages, timeline, and content for the ConsularOne modernization effort.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to maintain documented management approvals for all information systems throughout the systems development lifecycle process in accordance with Department standards.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to implement standard operating procedures for its systems development lifecycle process that includes details on the central location to be used to maintain project documentation.
The Bureau of Consular Affairs should require the Office of Consular Systems and Technology to conduct independent information system security assessments.
The Bureau of Consular Affairs should implement a process to conduct system authorizations for the Office of Consular Systems and Technology’s information systems prior to expiration of the systems’ authorizations to operate.
The Bureau of Consular Affairs, in coordination with the Bureau of Information Resource Management, should complete the assessment and authorization process for the Office of Consular Systems and Technology’s information systems with expired authorizations to operate.
The Bureau of Consular Affairs should perform annual security controls assessments for the Office of Consular Systems and Technology’s information systems in accordance with Department standards.