The National Security Agency (NSA) Office of the Inspector General (OIG) released an unclassified version of its Semiannual Report to Congress (SAR) summarizing the OIG’s oversight work during the second half of Fiscal Year 2023.
The SAR describes a number of oversight products completed during the reporting period, including the following reports:
- A report identifying an insufficient program Quality Assurance Surveillance Plan that was not being followed and oversight issues with outsourcing program contractor performance assessments;
- An audit of the Agency's internal response to software vulnerabilities that did not reveal any compromise of NSA/CSS systems; however there were three findings related to the Agency's internal response;
- An audit of the Agency's Cryptologic Reserve Program found multiple internal policy violations and hours not properly accounted for;
- A report of recurring challenges noted in OIG inspections found missing, out-of-date, or inaccurate documentation; failure to follow policies, regulations, and/or procedures; lack of accountability or inadequate management oversight; and inconsistent leadership communications; and
- An evaluation of a targeting system's control framework found that the control framework was properly functioning to ensure compliance with the laws, directives, and policies that protect civil liberties and individual privacy.
In total, the OIG made 304 recommendations to NSA management to address the findings made during the period and assist the agency in improving the economy, efficiency, and effectiveness of its operations.
The SAR reports the NSA OIG's participation in a multi-agency investigation that led to a $377.45 million settlement of False Claims Act allegations. The SAR also details that, during this reporting period, the OIG Investigations Division processed 796 contacts, resulting in 35 new investigations. The report describes the results of investigations completed during the reporting period, and that a total of 27 investigations and 149 inquiries were closed resulting in the proposed recoupment of approximately $298,000. As a result of OIG investigations, 37 employees retired, resigned in lieu of removal, or had other disciplinary acts taken against them.
In his Message submitting the SAR, Deputy Inspector General Kevin B. Gerrity also highlighted the OIG team's focus on outreach to the Agency enterprise wide, with a particular emphasis on whistleblowers. He also highlighted how a tip to the NSA OIG hotline led to a recent federal conviction for fraud. Deputy IG Gerrity concluded that “it is an honor to be a part of this dedicated team of professionals, and I look forward to reporting the positive impacts of their work.”
On November 30, 2023 the SAR was transmitted to Congress as required by the Inspector General Act of 1978, as amended (IG Act).