U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Data Encryption Controls Over Personally Identifiable Information on USDA Information Technology Systems

Report Information

Date Issued
Report Type
Office of the Chief Information Officer

The Department of Agriculture (USDA) is responsible for adhering to privacy laws and regulations pertaining to the storage and use of personally identifiable information (PII) of its customers and employees. The Office of Inspector General performed this audit of agency systems to provide an overall assessment of the encryption controls in place. We assessed seven USDA agencies’ encryption security posture to determine if they protected and encrypted PII data appropriately. We reviewed applicable laws, regulations, agency policies, and industry best practices in order to gain sufficient knowledge to evaluate USDA’s encryption security posture. In addition, we interviewed relevant IT personnel and compiled evidence related to the encryption practices at each agency. We found that the Department and agencies did not fully implement Federally-mandated controls. Due to privacy concerns, this report will not be publically released as it contains sensitive security information of critical USDA systems.

Joint Report
Agency Wide
No (location specific)

United States

Questioned Costs
Funds for Better Use


There are no open recommendations at this time.