The Department of Agriculture (USDA) is responsible for adhering to privacy laws and regulations pertaining to the storage and use of personally identifiable information (PII) of its customers and employees. The Office of Inspector General performed this audit of agency systems to provide an overall assessment of the encryption controls in place. We assessed seven USDA agencies’ encryption security posture to determine if they protected and encrypted PII data appropriately. We reviewed applicable laws, regulations, agency policies, and industry best practices in order to gain sufficient knowledge to evaluate USDA’s encryption security posture. In addition, we interviewed relevant IT personnel and compiled evidence related to the encryption practices at each agency. We found that the Department and agencies did not fully implement Federally-mandated controls. Due to privacy concerns, this report will not be publically released as it contains sensitive security information of critical USDA systems.
United States