Inspection of the Bureau of Information Resource Management’s Mobile and Remote Access Division

ISP-I-23-23
    Report Contents
    Unclassified
    Unclassified

    What OIG Inspected
    OIG inspected the Bureau of Information Resource Management’s Mobile and Remote Access Division’s services, specifically the management of mobile and remote access services systems security; customer service delivery; mobile devices and subscription services; and contracts.

    What OIG Recommends
    OIG made 7 recommendations to the Bureau of Information Resource Management. In its comments on the draft report, the bureau concurred with 5 recommendations, neither agreed nor disagreed with 1 recommendation, and disagreed with 1 recommendation. OIG considers 5 recommendations resolved and 2 recommendations unresolved. The bureau’s response to each recommendation, and OIG’s reply, can be found in the Recommendations section of this report. The bureau’s formal response is reprinted in its entirety in Appendix B.

    What OIG Found

    • Department of State stakeholders praised the Mobile and Remote Access Division’s swift response to support the increased remote access demand during the COVID-19 pandemic.
    • The Department did not monitor and control the usage and costs of mobile device services, and the division did not issue guidance to Department employees responsible for managing usage and costs. This resulted in more than $7.2 million in expenditures in 2022 that could have been put to better use. OIG estimated that these expenditures represented 24.4 percent of the Department’s $29.5 million total annual cost for mobile device services.
    • The division did not perform all information systems security officer duties for its own systems or for the enterprise mobile devices it managed for the Department, placing at risk IT security for approximately 83,000 mobile devices worldwide.
    • The division did not communicate and enforce the enterprise mobile device system user groups access requirements in the GO Desktop system security plan. As a result, Department managers issued enterprise mobile devices to users overseas without considering the security requirements in the plan.
    Category
    Locations
    Bureaus/Offices
    Recommendation Number
    1
    Open Resolved

    The Bureau of Information Resource Management should implement an information systems security officer program for systems and enterprise mobile devices that complies with Department standards.

    Recommendation Number
    2
    Open Started

    The Bureau of Information Resource Management should require the Mobile and Remote Access Division to communicate and enforce the Global OpenNet Desktop system user group access requirements outlined in the GO Desktop system security plan.

    Recommendation Number
    3
    Closed Implemented

    The Bureau of Information Resource Management should require the Mobile and Remote Access Division to bring its change management procedures into compliance with Department standards.

    Recommendation Number
    4
    Open Resolved

    The Bureau of Information Resource Management should take steps to eliminate the confusion between its two GO Desktop programs.

    Recommendation Number
    5
    Closed Implemented $7,216,203

    The Bureau of Information Resource Management, in coordination with the Bureau of Administration, should implement policies and procedures to monitor and control the usage and costs of mobile device services in accordance with Department standards and put potential savings of up to $7,216,203 to better use.

    Recommendation Number
    6
    Open Resolved

    The Bureau of Information Resource Management, in coordination with the Bureau of Administration, should bring the Mobile and Remote Access Division’s contract and contracting officer’s representative files into compliance with Department and federal guidance.

    Recommendation Number
    7
    Closed Implemented

    The Bureau of Information Resource Management should bring the Mobile and Remote Access Division’s contracting officer’s representative and government technical monitor programs into compliance with Department standards.