The Department of Homeland Security has fallen short of compliance requirements and existing standards when it comes to managing, securing and deploying mobile devices within its CIO and intelligence office, according to the agency’s latest inspector general report.
The watchdog’s audit found that mobile apps with vulnerabilities were installed, appropriate security settings were skipped over, high-risk app restrictions were ignored and device infrastructure was insufficient.
The lagging security standards were widespread, according to the DHS OIG. More than three-quarters of the 650 mobile apps installed on the intelligence office’s mobile devices posed security risks, were explicitly prohibited or allowed prohibited activities. Some of these apps were associated with foreign adversaries, pertained to outside employment or were outright banned by the National Defense Authorization Act.
DHS’s inspector general office conducted the audit from December 2023 through March 2025. As part of that work, the team interviewed officials and staff, assessed internal controls, compared inventory lists and gathered usage reports, among other steps to determine…
