SEMIANNUAL REPORT TO THE DIRECTOR, CENTRAL INTELLIGENCE AGENCY

pproved for Release. 2024 SECRE IiiNOPORN April � September 2014 N(')AREPR-t� the Director Central Intelligence Agency Office of Inspector General Celebrating 25 Years of Dedicated Service David B. Buckley, Inspector General IG 2014-0348 . -� �IRA 1/4.1rUNI Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN April � September 2014 SEMIANNUAL REPORT * To the Director, Central Intelligence Agency Office of Inspector General Celebrating 25 Years of Dedicated Service SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECREMOFORN (U) FOLLOW THE TRUTH, WHEREVER IT LEADS... (U) MISSION (U) To promote the economy, efficieney,-and,effectiveness of CIA by providing timely, independent, and objective oversight, and by detecting and deterring fraud, waste, and abuse. (U) VISION (U) To be a world-class organization that provides reliable assessments and expert advice to the Director, CIA and other key stakeholders, objective and relevant information to the Congresschallenging and rewarding careers for our professional workforce. (U) VALUES � (U) Integrity - Making decisions regard to undue influence or favor. tents of every matter without � (U) Professionalism - Holding ourselves to the highest standards of accountability and independence and ensuring that our findings are accurate, objective, and timely, and our recommendations relevant, reasonable, fact . �� � . based, and fair � (U) Expertise - Developing and leveraging individual and collective skills and experiences. (U) DIVE (U) Diversityis integralverse Workforce and therefore are dedicated to recnhitiig,developing and retaining qualified individuals who bring to the OIG a variety of experiences. backgrounds, and skills. We are committed to maintaining a positive, equitable, and productive work environment where all employees�and their diverse thoughts and opinions�are welcomed, respected, and valued. SECREMOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET/NOFORN (U) STRATEGIC GOALS AND OBJECTIVES (U) GOAL 1: EXECUTE TIMELY, OBJECTIVE, AND RESULTS-DRIVEN WORK TO IMPROVE THE OVERALL MISSION PERFORMANCE OF THE AGENCY. � (U) Undertake work that focuses on programs and activities that are critical to the CIA mission and important to the Director and the Congress. � (U) Conduct timely and objective audits, inspections, and investigations in accordance with professional standards. � (U) �Undertake work that improves mission performance of the Agency. (U) �GOAL 2: MAXIMIZE OUR AND THE AMERICAN P � (U) Explain our mission to our cus respect-based relationships. 0 THE CIA, THE CONGRESS, nd stakeholders and build collaborative, � (U) Solicit from our customers and stakeholders ideas to increase the value of our work. � (U) Provide accessibility within the construct of our confidential environment. - GOAL 3: ATTRACT, DEVELOP, AND RETAIN A DIVERSE AND GIILY SKILLED CADRE OF PROFE,SRONAL WO OFFICERS. � (U) Implement recruitment strategies that attract a diverse, highly skilled workforce. � (U) Establish appropriate and measurable performance goals and appropriately and fairly recognize high performance. � (U) Train our people e highest professional sta � (U) Promote .a productive and innovative � (U) Provide knowledgeable, ,leadership and ensure forthright, complete, and timely communications, (U) GOAL 4: PROVIDE STRONG BUSINESS MANAGEMENT THAT MAXIMIZES FACILITIES, BUDGET, AN!) TECHNOLOGY AND ALLOWS OIG OFFICERS TO RESPOND OPTIMALLY TO MISSION NEEDS. � (U) Establish corporate policies, metrics,and,rons that drive performance; meet mission requirements; and encourage innovation. � (U) Develop IT, workspace, and budget solutions that will optimally support staff- specific work processes and provide enterprise-wide insight and managerial information. � (U) Proactively identify our business management requirements. iii SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 * * of information sharing prior to the Boston Marathon bombing. (UHFOU0) As I have previously and repeatedly reported, my office's ability to properly represent the interests of the CIA in federal criminal investigations is constrained by the lack of authorities granted other federal Inspectors General. Last year, the U.S. House of Representatives and SSCI previously voted to approve additional personnel benefits, on par with other federal Inspectors General, yet the provision was not sustained in conference for the FY 2013 Intelligence Authorization Act. The Administration has included the provision in its request for legislative action to the Congress and the Director, CIA has written to the chairmen of the Congressional intelligence oversight committees in support. Having these critically important authorities would better enable my office to attract and retain employees to ferret out criminal behavior in CIA operations and activities. (UHFOU0) I am very pleased to report that the operations of Audit, Inspections, and Investigations passed respective peer review during this reporting period. This was the first time the Investigation and Inspection components of the CIA OIG had been peer reviewed in accordance with the standards set by the Council of Inspectors General for Integrity and Efficiency (CIGIE). (U) In closing, I would like to express my appreciation to Director Brennan, the Agency and the Congress for their continued support of the work of the 01G. A successful OIG is not possible without the collaborative efforts between the OIG staff and Agency managers to address OIG findings and implement corrective actions. I wish to thank them for their dedication and support and look forward to their continued cooperation as we work together to promote accountability, integrity, and efficiency in Agency programs and operations. ;O. pproved for Release: 2024/04/24 C06667615 (UHFOU0) I am honored to serve as the Inspector General of the Central Intelligence Agency, 111, and I am pleased to present the 10 Semiannual Report to the Director, CIA, which highlights key results for the reporting period 1 April-30 September 2014. This report is illustrative of the essential work that the men and women of the Office of Inspector General (OIG) have provided in the areas of audit, investigations, and inspections. Our work has resulted in a number of significant recommendations to improve the effective and efficient operation of CIA's collection and analysis operations, Covert Action (CA) programs, financial management, and procurement oversight and contract administration. (U) The OIG celebrates 25 years of independent and dedicated service in 2014. In 1989, the Inspector General (IG) was authorized in federal law (50 USC 3517), replacing the administrative OIG that had been in place since 1952. (UHFOU0) Director Brennan and his senior leadership team continue to be actively engaged with us in a comprehensive review of outstanding OIG significant recommendations and are working to take corrective action. Implementation of OIG recommendations can be both complex and costly, and we continually work to identify practical solutions to reduce and/or resolve the risks identified by our work. (1.1//FOLJO) During this reporting period we issued 31 reports addressing a broad range of concerns pertaining to information security, corporate governance, CA activities, financial management, as well as procurement oversight and contract administration. OIG completed 61 investigations, handled 289 Hotline contacts, and continued to work closely with the CIA to resolve outstanding matters. I testified before the Senate Select Committee on Intelligence (SSC1) and briefed the President's Intelligence Advisory Board on our investigative work regarding unauthorized access to the RDINet, and also testified before the Senate Homeland Security and Governmental Affairs Committee on our joint work with other 01Gs regarding the OIG review David B. Buckley Inspector General 30 September 2014 (b) Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE OF CONTENTS * * * * (U) A MESSAGE FROM THE INSPECTOR GENERAL iv (U) OVERVIEW 3 (U) Organization Chart 3 (U) The Office of Inspector General 4 (U) Positive Impact on Agency Mission 6 (U) Collaboration, Integration, and Engagement 8 (U) PLANNING 11 (U) Management and Performance Challenges for CIA 11 (U) Annual Planning 11 (U) STATUTORY REPORTING 13 (U) Compliance 13 (U) Peer Review 13 (U) Access 13 (U) Subpoena Authorities 13 (U) AUTHORITIES REQUESTED 15 (U) Authority to Designate Positions for Pay and Benefits Purposes 15 (U) PROJECTS 17 (U) Audit 17 (U) Completed Projects (Table) 17 (U) Summaries of Completed Work 19 (U) Inspections 36 (U) Completed Projects (Table) 36 (U) Summaries of Completed Work 36 (U) Ongoing Audits, Inspections, and Reviews 41 (U) Investigations 42 (U) Completed Investigations (Table) 42 (U) Select Summaries of Investigation 45 (U) Recommendation 48 (U) Prosecutions 48 (U) Hotline 49 (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS 51 (U) Table I - Status of Significant Recommended Actions: Audit 52 (U) Table 2 - Status of Significant Recommended Actions: Inspections 83 (U) Table 3 - Status of Significant Recommended Actions: Assessments 89 (U) APPENDIX 91 (U) Acronyms and Abbreviations 91 APRIL � SEPTEMBER 2014 1* SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) THIS PAGE INTENTIONALLY LEFT BLANK. OIG SEMIANNUAL REPORT SECRET//NOFORN ' Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 ' (U) OVERVIEW (b)(3) b'(6 ) k\111 \ 110\ ( II kRI DAVID B. BUCKLEY Inspector General (b)(3) (b)(6) Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) THE OFFICE OF INSPECTOR GENERAL (U) Like most federal Inspectors General, the CIA OIG occupies a unique position within the organization. The OIG is the only element of CIA created separately by statute that has obligations and responsibilities to both the Director, the CIA and to the Congress. The OIG is an independent and objective entity with the mission to detect and deter waste, fraud, abuse, and misconduct involving Agency programs and personnel, and promote economy, effectiveness, and efficiency in Agency programs and operations. The statutory IG at CIA was established in 1989 (50 USC 3517). The IG is appointed by the President, with the advice and consent of the Senate, and can be removed from office only by the President. (U) The OIG conducts audits, inspections, investigations, and special assessments that result in improvements to CIA mission and business operations through Agency implementation of our recommendations. The OIG also investigates alleged violations of criminal and civil laws, regulations, and ethical standards arising from the conduct of Agency activities. The OIG has jurisdiction to review the programs and personnel of all Agency components as well as Agency contractors. We advance the Agency's mission and function by providing our findings and recommendations to the Director, the Agency, and the Congressional intelligence oversight committees. (U) The OIG is committed to independently reviewing the integrity of CIA programs and operations. Developing an effective strategy, aligned with the CIA's Strategic Direction, is a critical aspect of fulfilling this commitment. Our current Strategic Plan can be found on the inside covers of this report. *4 (U) The OIG consists of the executive OIG and the following offices: (U) Audit (U//FOU0) The Office of Audit (Audit) comprises the Financial Management, Information Technology, Operations, and Procurement Divisions. Audit conducts performance and financial audits of CIA programs and activities, including those non-discretionary audits required by law or otherwise prescribed by Congress, such as the annual Independent Audit of the CIA's Financial Statements; the annual Independent Evaluation of the CIA's Information Security Program and Practices Required by the Federal Information Security Management Act (FISMA); the annual review of the Agency's compliance with the Improper Payments Elimination and Recovery Act (IPERA); the annual risk assessment of purchase and travel card programs; and periodic audits of CA programs. Audit participates with other federal agencies and departments in conducting joint reviews of Intelligence Community (IC) programs and activities. OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) Inspections (UHFOU0) The Office of Inspections (Inspections) is composed of experienced officers, half of whom are on rotation to the OIG. Balanced staffing by skill set and Directorate representation are hallmarks of Inspections. Inspections conducts evaluations of CIA programs to assess mission performance, customer and partner relationships, and program effectiveness. Inspectors examine major, crosscutting Agency issues to assess whether they are carried out effectively, efficiently, and in compliance with laws, Executive Orders, and regulations. The inspections endeavor to focus on areas of the highest risk to CIA programs and operations. (U) Investigations (UHFOU0) The Office of Investigations (Investigations) conducts investigations of alleged violations of federal laws, regulations, and policies, as well as alleged waste, fraud, and mismanagement related to CIA programs and operations. Investigators are assigned to specialized divisions responsible for financial, intelligence, integrity, and computer crimes. Investigations also manages the CIA OIG Hotline (b)(3) (U) During fraud awareness presentations provided by Investigations to Agency staff, Agency officials are reminded of the whistleblower protections provided to Agency employees under the IG Act, Presidential Decision Directive-19, and the newly enacted provisions set forth in the Intelligence Authorization Act of 2014, and the implementing Agency regulations. APRIL- SEPTEMBER 2014 (U) In addition, Investigations has refined its policies and procedures to align more closely with the CIGIE Quality Standards for Investigations, as well as IC community best practices. (U) Resources and Administration 5* SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 006667615 SECRET//NOFORN (b)(3) (U) POSITIVE IMPACT ON AGENCY MISSION I.% (U) The following represents examples of OIG 5 ix work that has had a significant, positive impact on ill > 0 the Agency's mission accomplishment during the reporting period. ' * 6 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 006667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN b)(1) b)(3) (U//FO(J0) Enhancing Training of Certifying Officers. The OIG audit report Controls Over the Approving Officer Authorities and Agency-Wide Certiffing Officers Databases (2011-0003-AS, September 2011 APRIL- SEPTEMBER 2014 7 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 (b)(1) (b)(3) SECRET//NOFORN (U) COLLABORATION, INTEGRATION, AND ENGAGEMENT (U) OIG officers actively participate in a wide range of collaborative activities designed to increase our knowledge of, and contribution to, oversight within the Federal Government. (U) Community Collaboration and Integration (UHFOU0) The IG is a statutory member of the CIGIE, and the IC Inspectors General (IC IG) Forum. The IG actively participates in the IC 1G and CIGIE meetings and is a member of the CIGIE Legislative Committee. (UHFOU0) OIG senior managers regularly participate in IC IG fora to include the Deputy Inspectors General Forum, the IC IG Inspections Working Group, the IC Audit Committee, and the IC IG Counsels Working Group. During this reporting period, CIA OIG officers actively participated in a number of joint efforts as follows: � (UHFOU0) The Inspectors General of the IC, the CIA, the Department of Justice (Dal), and the Department of Homeland Security (DI-IS) conducted coordinated reviews of the extent and handling of information relevant to the Boston Marathon Bombings that were available to the IC in advance of the 15 April 2013 bombings. On 30 April 2014, the Inspectors General presented the results of the coordinated reviews and answered questions in open and closed hearings conducted by the Senate Committee on Homeland Security and Governmental Affairs. The results of the reviews were also *8 briefed to members and staff of the SSCI, House Permanent Select Committee on Intelligence (HPSC1), Senate Judiciary Committee, House Judiciary Committee, and House Homeland Security Committee. A classified, combined final report of the reviews�Information Handling and Sharing Prior to the April 15, 2013 BOSTON MARATHON BOMBINGS�and an unclassified summary were issued in April 2014. The coordinated reviews have been recognized with the CIGIE, Barry R. Snyder Joint Award for significant contributions through a cooperative effort in support of the mission of the CIGIE. OIG SEMIANNUAL REPORT SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 (b)(1) (b)(3) SECRETHNOFORN (U//FOU0) The Assistant IG (AIG) and Deputy AIG for Audit participate in the quarterly meetings of the IC Audit Committee. Participants at these meetings discuss ongoing and planned audits from each of their respective staffs, sharing lessons learned and techniques used to audit the challenging and unique issue areas facing the IC. Also, the Committee coordinates on future Community audits, discussing audit methodology and staffing. (UHFOU0) The AIG and Deputy AIG for Inspections participate in the quarterly meetings of the IC Inspections Committee. Participants at these meetings discuss ongoing projects and share lessons learned from completed projects and peer reviews. (U//FOU0) The AIG for Investigations serves as a guest instructor for the CIGIE IG Investigator Training Program and Periodic Refresher Training Programs. (UHFOU0) In response to a request from the Director of National Intelligence, the CIA IG APRIL- SEPTEMBER 2014 agreed to have the CIA OIG perform the audits of the Office of the Director of National Intelligence (ODNI) financial statements for FY 2015 and FY 2016, as well as report on the ODNI's internal controls over financial reporting and compliance with laws and regulations. The FY 2015 audit will be the first annual audit of the ODNI's financial statements. (U) Outreach (U) The OIG leveraged myriad opportunities throughout this reporting period to broadcast the OIG mission and strategy. (UHFOU0) The IG and the respective office disciplines have strong relationships with members and staff of the Congressional intelligence oversight committees. The IG is committed to keeping the committees fully and currently informed of CIA OIG activities. To that end, the IG has offered to brief HPSCI and SSC1 staff on the OIG's Semiannual Reports, WorkPlans, and the IG Statement of Management and Performance Challenges incorporated in the Agency Financial Report (AFR). In addition, the IG and his senior officers are available to brief HPSC1 and SSCI staff members on completed work as requested. As a result of its statutory reporting, the OIG responded to various congressional requests for reports and information on the status of findings and recommendations from our audits, inspections, and investigations during this period. 9* SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) Training (UHFOU0) The IG is dedicated to personally promoting a greater understanding of the mission and work of the 01G. (U) Inspections sponsors a biannual New Inspector's Training Course that is open to new inspectors across the IC IG community. The course uses a case study methodology to teach the process of inspections. Inspectors from CIA and NRO participated in the May 2014 session. (UHFOU0) Investigations continued to conduct quarterly training on indicators of fraud, waste, and abuse in contracting, procurement, and finance for CIA staff officers, with specific focus on those serving in finance, support and contracting positions. Based on the feedback received from the first running in February 2014, the second and third runnings of this course were held on 13 May and 25 August 2014. *10 OIG SEMIANNUAL REPORT SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) PLANNING * * (U) MANAGEMENT AND PERFORMANCE CHALLENGES FOR CIA (UHFOU0) Based on the findings of audits, inspections, investigations, and special reviews, the OIG determined that the most serious management and performance challenges facing CIA at the beginning of FY 2015 are: (U) The IG Statement of Management and Performance Challenges and the Director's response were included in CIA's FY 2014 AFR. The management and performance challenges are not ranked in any order of importance. These challenges also served to inform our annual planning exercise. APRIL- SEPTEMBER 2014 * * (U) ANNUAL PLANNING (U) On 29 September 2014, we issued our Annual OIG Workplan, identifying the audits, inspections, and other projects we plan to conduct during FY 2015. The Workplan provides broad coverage of the Agency's programs and operations, and is focused on issues of importance to the Agency's mission. The Workplan was distributed to CIA leaders, the IC IG, the ODNI, OMB and the Congressional intelligence committees, and is posted on the internal CIA website. (U) In FY 2015, the OIG will focus efforts on evaluating and improving the Agency's economy, efficiency, and effectiveness in the following areas: � Financial Management � Covert Action � Procurement Oversight and Contract Administration � Governance � Information Security � Collection and Analysis 11* SECREDNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) THIS PAGE INTENTIONALLY LEFT BLANK. OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) STATUTORY REPORTING * * (U) This semiannual report (SAR) is submitted pursuant to Section 17 of the CIA Act of 1949, as amended, which requires the IG to provide to the Director, CIA, a report summarizing the activities of the OIG for the immediately preceding six- month period. (U) COMPLIANCE (U) All OIG audit activities are conducted in accordance with generally accepted government auditing standards. All OIG inspection and investigation activities conform to standards adopted by the CIGIE. (U) PEER REVIEW (UHFOU0) The IG directed that Audit, Inspections, and Investigations undergo respective external peer review in FY 2014. (UHFOU0) In our SAR for the first half of FY 2014, we reported that Audit had successfully undergone a peer review by the Department of the Treasury 01G. (UHFOU0) The U.S. Nuclear Regulatory Commission (NRC) OIG conducted an external review of Investigations. The NRC OIG report, dated 30 July 2014, concluded the system of internal safeguards and management procedures in effect as of 30 April 2014 for the investigative function of the CIA OIG is in compliance with the quality standards established by the CIGIE and the Attorney General's Guidelines. There were no APRIL- SEPTEMBER 2014 formal recommendations resulting from the peer review. (UHFOU0) The NRO OIG conducted an external peer review of Inspections. The review, dated 13 August 2014, concluded the policies and procedures in effect as of 30 April 2014 for the inspections function have been designed and complied with to provide reasonable assurance that the staff is performing and reporting in conformity with the CIGIE standards reviewed. There were no formal recommendations resulting from the peer review. (U) ACCESS (U) The OIG continues to have full and direct access to all CIA information relevant to the performance of its duties. (U) SUBPOENA AUTHORITIES (U//FOU0) During this reporting period, the IG issued four subpoenas in support of an investigation into alleged travel voucher fraud. 1 3 * ONI1U0d38 A2:101111V1S SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U) THIS PAGE INTENTIONALLY LEFT BLANK. OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U) AUTHORITIES REQUESTED * * * * (U) AUTHORITY TO DESIGNATE POSITIONS FOR PAY AND BENEFIT PURPOSES (U) The IG intends to continue his pursuit to gain the authority to designate positions within OIG as law enforcement officer positions. This authority is available to all Title 5 Inspectors General and the Government Accountability Office. In its efforts to recruit investigators with IG experience, especially those with supervisory experience, CIA 010 and the Agency are at a disadvantage due to the lack of this authority. To facilitate the recruitment and retention of skilled criminal investigators, the CIA IG must have the authority to designate certain positions within OIG as law enforcement officer positions. The lack of positions designated as law enforcement officer positions also limits the ability of the CIA OIG to rotate officers in from and out to other offices of inspector general, greatly impacting the exchange of ideas, experiences, and investigative techniques. This exchange is vital to the IG's efforts to augment the criminal investigative knowledge, skills, and abilities in the CIA 01G. These officers would be entitled to law enforcement officer retirement benefits under Title 5, Chapters 83 and 84. APRIL- SEPTEMBER 2014 (U) For FY 2012, FY 2013, FY 2014, and FY 2015 the IG submitted legislative proposals seeking authority to designate certain positions within OIG as law enforcement positions for retirement purposes. A Congressionally mandated study by the Office of Personnel Management OIG published in June 2012 supports the need for these authorities. The Director, CIA (D/CIA) has submitted letters to both 1-IPSCI and SSCI in support of this initiative. The IG will continue to work with the intelligence oversight committees to obtain this authority. 15* C131S311032:1S311180HDIV SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) THIS PAGE INTENTIONALLY LEFT BLANK. OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) PROJECTS (U) AUDIT (U) COMPLETED PROJECTS (UNFOU0) Audit completed 24 projects that made 48 recommendations, including 24 which were considered significant. ARE OF FOCI. S (U) Collection and Analysis (U) Covert Action PROJEC N ANI E (W/FOU0) Information Handling and Sharing Prior to the April 15, 2013 BOSTON MARATHON BOMBINGS PROJECT NUMBER Combined IC IG Forum Report ISSUE D A FE April 2014 APRIL- SEPTEMBER 2014 17 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE: AUDIT COMPLETED PROJECTS (CONTINUED) AREA OF FOCUS PROJECT NAME (U) Information Security PROJECT NUMBER ISSUE DATE (b)(1) (b)(3) (U) 2014 Independent Evaluation of the CIA's Information Security Program and Practices Required by the Federal Information Security Management Act (FISMA) 2014-0018-AS September 2014 (U) Financial (U) FY 2013 Review of the CIA's 2014-0009-AS Management Compliance with the Improper Payments Elimination and Recovery Act (IPERA) of 2010 (U) Procurement Oversight and Contract Administration * 1 8 April 2014 (II) This table is SECRIET//NOFORN. OIG SEMIANNUAL REPORT (b) (b) (b)(3) (1) (3) SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) SUMMARIES OF COMPLETED WORK (UHFOU0) Information Handling and Sharing Prior to the April 15, 2013 BOSTON MARATHON BOMBINGS (Combined IC 1G Forum Report, April 2014) (U) The Inspectors General of the IC, the CIA, the DOJ, and the DHS conducted coordinated reviews of the extent and handling of information relevant to the Boston Marathon bombings that were available to the IC in advance of the 15 April 2013 bombings. The results of the CIA OIG review, which were reported internally in draft (CIA Handling of Information Leading up to the Boston Marathon Bombings [2013-0024-AS, October 2013]), and the reviews conducted by the other participating Inspectors General were included in a combined final report and an unclassified summary. (U) Based on information gathered during the coordinated reviews, CIA, FBI, DHS, and National Counterterrorism Center (NCTC) generally shared information and followed procedures appropriately. There were areas where broader information sharing between agencies may have been required. However, the participating OlGs found no basis to make broad recommendations concerning information handling and sharing. APRIL- SEPTEMBER 2014 1 9 * (b)(1) (b)(3) -u 0 SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN co 1-- c) w �0 cr o_ *20 OIG SEMIANNUAL REPORT SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 2 1 * (b)(1) (b)(3) (b)(5) SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN *22 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 2 3 * (b)(1) (b)(3) (b)(5) I SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN * 2 4 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 2 5 * (b)(1) (b)(3) (b)(5) SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SEGRETHNOFORN * 2 6 (U) 2014 Independent Evaluation of the CIA's Information Security Program and Practices Required by the Federal Information Security Management Act (FISMA) (2014-0018-AS, September 2014) (U) FISMA requires federal agencies to establish agency-wide, risk-based security programs for the information systems that support the agency, including those systems provided or managed by contractors. The Act prescribes an annual process of self-assessment and independent evaluation of an agency's information security program and practices. (UHFOU0) The OIG has completed 12 FISMA evaluations of CIA's information security program and practices. These evaluations have found that CIA generally complies with the requirements of FISMA and other applicable laws and regulations. OIG SEMIANNUAL REPORT SECRET//110FORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 2 7 * (b)(1) (b)(3) (b)(5) 'a 73 0 C- m C-) -I CI) I SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (b)(3) (b)(5) (U) FY 2013 Review of the CIA's Compliance With the Improper Payments Elimination and Recovery Act (IPERA) of 2010 (2014-0009-AS, April 2014) 0 * 28 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 SECRET//NOFORN 2 9 * (b)(1) (b)(3) (b)(5) -o XI 2 Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN *30 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 3 1 * (b)(1) (b)(3) (b)(5) -0 XI 2_ m 0 -I 0) I SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN *32 OIG SEMIANNUAL REPORT SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 3 3 * (b)(1) (b)(3) (b)(5) "I3 XI 2. m 0 -4 C/3 I SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN * 3 4 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) INSPECTIONS (U) COMPLETED PROJECTS (UHFOU0) Inspections completed seven inspections containing 15 recommendations, including seven significant recommendations. These recommendations serve to: enhance Agency oversight and guidance; mitigate strategic and operational risks; drive more effective use of resources; and improve collaboration in the IC. AREA OF FOCUS PROJECT NAME (U) Collection and Analysis (U) Governance (U) Information Security (U) Special Assessment PROJECT ISSUE NUMBER DATE (U) This table is SECRET/iNOFORN. (U) SUMMARIES OF COMPLETED WORK *36 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 3 7 * (b)(1) (b)(3) (b)(5) 0 r11 SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN ( ( ( *38 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN APRIL- SEPTEMBER 2014 3 9 * (b)(1) (b)(3) (b)(5) SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN *40 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) Ongoing Audits, Inspections, and Reviews The following Audits, Inspections, and Reviews, were open as of 30 September 2014: (b)(3) (U) Financial Management: � (U) Independent Audit of the CIA FY 2014 Financial Statements (b)(1) (b)(3) (U//FOU0) Covert Action: (b)(1) (b)(3) (U) Procurement Oversight and Contract Administration: (U) Governance: (U) Information Security: (UHFOU0) Collection and Analysis: (b)(1) (b)(3) (U) Research and Development: (b)(3) (U) Special Assessment: * Draft report issued. (b)(3) (b)(1) (b)(3) (b)(1) (b)(3) -0 P_ (-) cn (b)(3) APRIL- SEPTEMBER 2014 41 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U) INVESTIGATIONS (U) COMPLETED INVESTIGATIONS (U//FOU0) Investigators completed 61 investigations during this period. These investigations resulted in the issuance of six Reports of Investigations and eight memoranda to management, reporting the results of the investigation. The remaining 47 matters were closed internally by the 01G. In these matters, the OIG conducted an appropriate investigation and determined either sufficient evidence of the ( (1\11)1.1,, II. I) INN P. I IC. �1 10 \ initial allegation could not be established, or that management corrective action was unnecessary. Investigations also worked with the Dal in support in support of investigations and criminal prosecutions. The OIG formally referred 26 matters to the DOJ for prosecutorial consideration of violations of federal criminal law. In addition, the Agency took 11 disciplinary and security actions in response to OIG investigations and allegations processed through the OIG Hotline. (UHFOU0) As a result of Investigations' efforts, in recoveries were ordered on behalf of the U.S. Government. (UHFOU0) Alleged Misattribution of Detainee Intelligence (U) Time and Attendance Fraud - Contractor (UHFOU0) Alleged USERRA Violation (U) Alleged Misuse of Computer System by Contractors (U) Alleged Solicitation of Business Using Agency Systems by Contractor (U) Alleged Theft of Government Property (U) Alleged Hunting Violation at CIA Facility (U) Alleged Operational Risk at Hosting Provider (U) Alleged Moving Company Fraud (UHFOU0) Alleged Overcharging for PCS and Retiree Moves (U) Alleged Conflict of Interest (UHFOU0) Alleged Purchase and Distribution of Illegal Steroids in War Zone (U) Alleged Worker's Compensation Fraud (U) Alleged Worker's Compensation Fraud (U) Alleged Misuse of Government Funds * 4 2 ( \ I NIBIER 2010-09729-IG 2012-10633-IG 2013-11231-IG 2013-11412-IG 2013-11550-IG 2013-11460-IG 2013-11664-IG 2014-11812-IG 2011-10492-1G 2013-11339-IG 2013-11423-IG 2013-11523-1G 2013-11611-IG 2013-11612-IG 2013-11618-IG ISM I.; IF April 2014 April 2014 April 2014 April 2014 April 2014 April 2014 April 2014 May 2014 May 2014 May 2014 May 2014 May 2014 May 2014 May 2014 May 2014 OIG SEMIANNUAL REPORT SECRETHNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U) TABLE: INVESTIGATIONS COMPLETED INVESTIGATIONS (CONTINUED) CON1 PEETED INVESTIGATIONS C 1SE Nt BER E DATE (UHFOU0) Alleged Visa Fraud in Overseas Field Station 2013-11647-IG May 2014 (U) Alleged Abuse by Staff Members of ComputerAdmin 2014-11768-IG May 2014 Privileges (UHFOU0) Alleged Asset Mishandling in Overseas Field Station 2014-11876-IG May 2014 (U) Alleged False Claim for Separation Maintenance Allowance and Other Benefits 2012-10920-IG June 2014 (U) Alleged Time and Attendance Fraud - Contractor 2012-10969-IG June 2014 (U) Alleged Theft of Government Property by Contractor 2013-11370-1G June 2014 (U) Alleged Theft of Government Property 2013-11421-IG June 2014 (U) Alleged Conflict of Interest by Staff Employee 2013-11591-1G June 2014 (U) Alleged Reprisal of Former Employee of Contractor 2014-11786-IG June 2014 (U) Alleged Conflict of Interest 2014-11941-1G June 2014 (U) Alleged Destruction of Data by Contractor 2014-11957-1G June 2014 (U) Alleged Weapons Violation by Contractor 2007-09771-1G July 2014 (U) Alleged Contractual Improprieties 2011-10490-IG July 2014 (U) Time and Attendance Fraud - Staff Employee 2013-11209-1G July 2014 (U) Alleged Conflict of Interest in DS&T Training Program 2013-11322-IG July 2014 (UHFOU0) Alleged Misuse of CIA Credential by Independent 2013-11389-IG July 2014 Contractor (UHFOU0) Alleged Misuse of Government Funds by Cover 2013-11442-1G July 2014 Providers (U) Allegation of Misuse of Authority 2013-11466-IG July 2014 (UNFOU0) Alleged Domestic Violence Incident at Overseas 2013-11499-IG July 2014 Field Station (U) Alleged Extortion by Contractor 2013-11508-IG July 2014 -0 0 (U) Alleged Contract Irregularity 2014-11686-IG July 2014 (-) (U) Alleged Violation of Post Employment Restrictions 2014-11690-IG July 2014 C/1 (UHFOU0) Alleged Assault of Officer in Overseas Field Station 2014-11705-IG July 2014 APRIL- SEPTEMBER 2014 4 3 * SECREMNOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U) TABLE: INVESTIGATIONS COMPLETED INVESTIGATIONS (CONTINUED) ( OMPLETED INVESTIGATIONS CASE NUMBER ISSUE DV II (UHFOU0) Agency Access to SSCI Shared Drive on RD1Net 2014-1 1718-IC July 2014 (U) Alleged Misuse of Agency Systems 2014-I 1815-IC July 2014 (U) Alleged Conflict of Interest 2014-11863-IG July 2014 (IR/F.0U�) Alleged Agency Impersonator 2014-11872-1G July 2014 Information by 2014-11926-IG July 2014 (U) Alleged Destruction of Government Contractor (U) Suspicious Error Message When Opening OIG Document 2014-12015-IG July 2014 (UPFOU0) Alleged Wrongful Sharing of RH Material 2013-11358-IG August 2014 (1)//FOU0) Counterfeit CIA ID Used by Non-Agency Officer to 2013-11403-IG August 2014 Possibly Engage in Fraud (U) Alleged Mismanagement of an Agency Program 2013-11411-IG August 2014 (UHFOU0 Individual Arrested with Counterfeit Agency ID in MI 2013-11488-IG August 2014 (U) Alleged Ethics Violation 2013-11571-IG August 2014 (U//FOU0) Alleged Attempted Bribery in War Zone 2013-11582-IG August 2014 (U) Alleged Theft of Government Property 2014-11674-IG August 2014 (U) Alleged Abuse of Position and Authority by Contractor 2014-11696-IG August 2014 (U) Alleged Accounting Reimbursement Fraud 2014-11772-1G August 2014 (U) Alleged Employee Ethics Violation 2014-11838-IG August 2014 (UNFOU0) Alleged Cash Shortage at Overseas Field Station 2014-11904-IC August 2014 (U) Allegations of Mismanagement 2014-11921-IG August 2014 (UHFOU0) Alleged Shooting Incident in Overseas Field Station 2014-11925-1G August 2014 (U) Alleged Disclosure of Classified Information 2014-11959-1G August 2014 (UNFOU0) Allegation of Exposure of a Covert Agency Official 2014-12012-IG August 2014 (U//FOLIO) Alleged Computer Misuse 2014-11973-1G September 2014 (U//FOU0) Alleged Detainee Abuse at 2014-12000-IG September 2014 Overseas Base (b)(3) This table is UNCLASSIE1ELYTOR OFFICIAL USE ONLY *44 OIG SEMIANNUAL REPORT SECRET/NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) SELECT SUMMARIES OF INVESTIGATION (U) This section summarizes significant investigations completed during this reporting period. (UHFOU0) Alleged Misattribution of Detainee Intelligence (2010-09729-IG, April, 2014) b'(3 (UHFOU0) Alleged Visa Fraud in Overseas Field Station (2013-11647-IG, May 2014) (UHFOU0) Alleged USERRA Violation (2013-112314G, April 2014) (UHFOU0) Alleged False Claim for Separate Maintenance Allowance and other Benefits (2012-10920-IG, June 2014) (b)(3) (b)(3) (b)(5) (b)(7)(c) APRIL- SEPTEMBER 2014 45 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRETHNOFORN (U//FOU0) Alleged Domestic Violence Incident at Overseas Field Station (2013-11499-IG, July 2014) (U) Alleged Extortion by Contractor (2013-11508-IG, July 2014) (UHFOU0) Alleged Access to SSCI Shared Drive on RDINet (2014-11718-I6, July 2014) (UHFOU0) The 01G conducted an investigation into the alleged improper access of a SSCI shared drive on the Rendition, Detention, and Interrogation Network (RDINet) by Agency personnel. (U) The investigation concluded that five Agency personnel improperly accessed SSCI Majority staff shared drives on the RDINet. The report also concluded the CIA crimes report, alleging potential criminal conduct by SSCI staffers, filed with the *46 DOJ, was based upon inaccurate information provided to the author of the letter. The OIG also determined that three persons were uncooperative with the OIG investigation. (U) The OIG referred the investigation to the DOJ, which declined any interest in criminal prosecution. (U) The D/CIA convened an Agency Accountability Board in response to the OIG Report of Investigation. (UHFOU0) Alleged Misuse of Agency Systems (2014-118154G, July 2014) (b)(3) (b)(5) (b)(7)(c) (UHFOU0) Alleged Mismanagement of an Agency Program (2013-11411-IG, August 2014) OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (b)(3) (UHFOU0) Alleged Shooting Incident in Overseas Field Station (2014-119254G, August 2014) (UHFOU0) Alleged Theft of Government Property (2014-11674-IG, August 2014) (b)(3) (b)(3) (UHFOU0) Alleged Computer Misuse (2014-119734G, September 2014) (U) Alleged Accounting Reimbursement Fraud (2014-117724G, August 2014) APRIL- SEPTEMBER 2014 4 7 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 (b)(3) (b)(1) (b)(3) (b)(3) SECRET//NOFORN (S//NF) Alleged Detainee Abuse at Overseas Base (2014-12000-IG, September 2014) (U) Recommendation (b)( (b)( (b)( (b)(3) (b)(5) (U) Mortgage Fraud (2012-10692-IG) 3) 6) 7)(c) C.) a u) Ix (b)(3) (b)(6) (b)(7)(c1) (U) Prosecutions (UHFOU0) Theft of Classified Information (2010-10875-IG) (b)(3) (b)(6) (b)(7)(c *48 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) HOTLINE (U) The OIG Intake Unit is responsible for the OIG Hotline and complaint processing. The Intake Unit provides a confidential and reliable source for Agency employees, contractors, and the public to report fraud, waste, abuse, and gross mismanagement. (U) FIGURE 1: (U) Matters Received by the Following Methods (Number of Contacts, Percentage) Telephone (secure) Referral: Component 5 8 Contacts. 3% Contacts, 2% Telephone (non-secure) 33 Contacts, 11% Report Fraud Website 30 Contacts, 10% E-mail (secure)/ 66 Contacts, 23% E-mail (AIN) Other 9 Contacts, 3% ---- In-Person 22 Contacts, 8% US Mail 106 Contacts, 37% Referral. Component DOJ 0 Contacts, 0% 2 Contacts, 1% Referral: From OGA 7 Contacts, 2% (U) Figure I is UNCLASSIFIED. Management Issues 14,5% Contract Fraud 7,2% Contractor Misconduct 11 4% Contractor T&A 6,2% Staff Misconduct 35, 12% (U) During the period 1 April to 30 September 2014, the Intake Unit received 289 contacts from the Agency and the general public (see Figure 1). The OIG categorized the 289 contacts into 13 categories (see Figure 2). The OIG then processed the contacts according to the nature of the complaints (see Figure 3). (U) FIGURE 2: (U) Matters Received by Category (Number, Percentage) OGA Assistance 7,2% Other 27,9% Non-Credible Complaints 110,38% Criminal Violations 26,9% Computer Violations Workplace/Process 7,2% Grievance 24, 8% Staff T&A 14,5% (U) FIGURE 3: (U) Matters Referred by Category (Number, Percentage) Closed without Action 21,9% Referred to OGA 5,2% Referred to Agency Management 64, 22% (U) Note: Due to rounding, percentages may not total 100%. APRIL- SEPTEMBER 2014 Other 11,1% 43, 15% OIG Investigation Whistleblower Reprisal < 1, 0% (U) Figure 2 is UNCLASSIFIED. __ Referred to AUG 40 or INS Grievance, EEO or OS Appeals 11,6% Referred to TMU 110, 38% (U) Figure 3 is UNCLASSIFIED. SECRET//NOFORN 49* Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (1.1) THIS PAGE INTENTIONALLY LEFT BLANK. OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) STATUS OF SIGNIFICANT RECOMMENDED ACTIONS * * (U) The figures below illustrate Audit and Inspections report and recommendation statistics through the end of FY2014. Figure 1 outlines the number of Audit and Inspections reports made by FY. Figure 2 outlines the number and status APRIL-- SEPTEMBER 2014 * * of recommendations issued by FY. Figure 3 summarizes the number of open recommendations by directorate. Figure 4 illustrates the number of recommendations that remain open by FY. with a breakdown of significant and not significant. 51* (b)(3) SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) OUTSTANDING FROM PREVIOUS SEMIANNUAL REPORTS (U) As required by statute, the following tables present the status of significant recommended actions that remain open from previous Semiannual Reports (SARs). The reports are presented in order of issuance date from most recent to oldest. The tables also present a summary of each significant recommendation and the status of the recommendation as of the end of the reporting period. (U) There are four categories of reporting for the status of a recommendation: (1) no corrective actions taken, (2) corrective actions in-process, (3) corrective actions complete, and (4) closed without full implementation. Recommendations are considered "in process" when the responsible component has initiated corrective actions, but has not completed those actions. A recommendation is considered complete when the OIG has determined that the responsible component has satisfactorily addressed the recommendation. (U) Investigations does not have any open significant recommended actions. (U) TABLE 1 � STATUS OF SIGNIFICANT RECOMMENDED ACTIONS: AUDIT (U) As of the end of the previous reporting period, 31 March 2014, 135 significant recommendations issued by Audit and reported in previous SARs remained open. Audit issued 24 significant recommendations during this reporting period, as noted in the Completed Projects section, resulting in 159 open significant recommendations. Based on work completed by CIA, Audit closed 43 of these recommendations during this reporting period, and 116 recommendations remain open as of 30 September 2014. (U) TABLE I: AUDIT BEGINS ON NEXT PAGE. * 52 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) St NINI AR\ OF RECOMMEND VI ION ST VIA S RESPONSIBLE PARTY APRIL- SEPTEMBER 2014 SECRET//NOFORN 53* (b)(1) (b)(3) (b)(5) m > 0-I m 0 z m o cr) m _ o 0> z z (r) Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) St.N1N1 \ RN OF k EDITS STATt S RE( ONIMENDATI)N RESPONSIBLE PARTY *54 SECRET//NOFORN OIG SEMIANNUAL REPORT Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) kt 1)1 l'S St N1N1 \ OF RECOMMEND kT1ON SFTt S RESPONSIBLE PART (U//FOLO) Availability and Performance of CIA Information Systems (2012-0038-AS, February 2014) APRIL- SEPTEMBER 2014 SECRET//NOFORN 55* (b)(3) (b)(5) (b)(3) (b)(5) (b)(1) (b)(3) (b)(5) Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (Li) TABLE AUDIT (CONTINUED) ArDll S (UHFOU0) The CIA's Contract Settlement Process (2012-)016-AS, January 2014) *56 St MAI kin OF RECONI A1EN DAT! ON SECRETIINOFORN SIATI RESPONSIBLE PARTY OIG SEMIANNUAL REPORT Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (1.1) TABLE 1: AUDIT (CONTINUED) DITS St kJ M kill OF RECOMMEND kTION RESPONSIBLE PARTY APRIL- SEPTEMBER 2014 57 * SECRET//NOFORN 73 c-)5 0-1 m o co m DO > � c") �I 5 0> Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) MMARY OF AUDITS STATES RECOMMENDATION RESPONSIBLE PARTY (U) Evaluation Required by the Reducing Over- Classification Act (2013-0016-AS, September 2013) (11//1:0110) REC 2: Inmlement effective, mandatory derivative classification refresher training tor CIA personnel as required by Executive Order 13526, Classified National Securily and Agency Regulation 10-3. (.7a.s.silicaiioif am/Dec/ossification of Agency Information. * 58 OIG SEMIANNUAL REPORT SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) FAI31.1 I: At DI (CO\ FINt II)) AUDITS SUMMARY OF RECOMMENDATION STATUS RESPONSIBLE PARTY (b)(1) (b)(3) (b)(5) APRIL- SEPTEMBER 2014 59 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (13) TABLE 1: AUDIT (CONTENTED) DITS (UHFOU0) CIA's Incident Response and Reporting Capability (2013- 0014-AS, September 2013) (U) Security Training for Privileged Users of CIA Systems (2013-0010-AS, September 2013) SI NEM kR1 OF RECOMMENDATION S I AT( S RESPONSIBLE PART * 6 0 SECRET//NOFORN OIG SEMIANNUAL REPORT Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) 1.t 1)1 i.' St VIVI 1RY OF RECOMMENDATION RESPONSIBLE PARTY (b)(1) (b)(3) (b)(5) APRIL-. SEPTEMBER 2014 61 * SECRET//NOFORN Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN \I'\' \I\ ()I RI.( ()NI \11- \ D \ I HD \ (U) TABLE 1: AUDIT (CONTINUED) 121 ',1'0V,1111 1 \1211 *62 SECRETHNOFORN OIG SEMIANNUAL REPORT Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (L) I kill,' I: 11.1)11 ((()N I INt II)) AUDITS SUMMARY OF RECOMMENDATION STATUS RESPONSIBLE PARTY (b)(1) (b)(3) (b)(5) (b)(3) (b)(5) m (f) I n 0 m z -11 cn m � 0 0 (Th > Z Cn (U) CIA Management of Laptop Computers (2011-0014-AS, March 2013) (U) Contract Award Fee Evaluation Factors and Determinations (2010-0(127-AS, March 2013) APRIL - SEPTEMBER 2014 SECRETHNOFORN 6 3 * Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) kl DI I S St_ M MARY OF RECOMMENDATION SF AT U S RESPONSIBLE PARTY (UHFOU0) BASIS Acquisitions Application Controls (201I-0027-AS, October 2012) *64 SECRET//NOFORN OIG SEMIANNUAL REPORT Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECRET//NOFORN (U) TABLE 1: AUDIT (CONTINUED) (U//FOLIO) BASIS Acquisitions Application Controls (2011-0027-AS, October 2012) (continued) (U) 2012 Independent Evaluation of the CIA Information Security Program and Practices Required by the Federal Information Security Management Act (2012-0012-AS, September 2012) (U//FOU0) CIA's Virtualized Information Processing Project (2010-0025-AS, September 2012) (U) CIA's Quantum Leap System (2011- 0017-AS, September 2012) APRIL SEPTEMBER 2014 St NI ARA OF RECOMMENDATION SIAll S RESPONSIBLE IA RTN1 SECRETHNOFORN 6 5 * cf) M c-) > 0 cr) m 0 0 w 0 0 � m c-) 0> z Cl) Approved for Release: 2024/04/24 C06667615 Approved for Release: 2024/04/24 C06667615 SECREMNOFORN (U) TABLE I: AUDIT (CONTINUED) CO z