Enable breadcrumbs token at /includes/pageheader.html.twig

NSA Office of the Inspector General Releases 2nd Semiannual Report for 2024

The OIG made zero convictions during this period, the report states.

The National Security Agency Office of the Inspector General released its second semiannual report to Congress of 2024 on December 2, 2024. Credit: Lisavetta/Shutterstock

The National Security Agency (NSA) Office of the Inspector General (OIG) released its semiannual report to Congress on December 2 for the period from April 1 to September 30, 2024.

According to the report, 32 new investigations opened and 23 investigations closed. The OIG made 17 disciplinary actions and $275,717 in monetary recovery.

Under one of its investigations, the OIG determined that a senior executive submitted false and inaccurate timesheets, resulting in a loss of $5,245 to the government. The OIG also completed four investigations into allegations of reprisal.

Out of 22 investigative reports, no convictions resulted from OIG investigations in this reporting period, according to the semiannual report. However, in June, a CEO of a contract company was found guilty of 19 counts of submitting false claims to the NSA, and the CEO was sentenced to 13 months in prison and ordered to pay $176,913 in restitution.

“As the acting inspector general, I continue to evaluate our processes, making sure we are a strong, efficient and timely watchdog focused on the top challenges facing the agency,” Kevin B. Gerrity wrote in the report. “As the watchdog, we understand and continue to emphasize—through outreach and education to NSA—that whistleblower rights and protections are critical to a properly functioning government.”

All nine of the NSA’s Federal Information Security Modernization Act information technology security areas are at least at Maturity Level 2: defined policies, procedures and strategies, according to the OIG’s report. Two areas reached Maturity Level 4: managed and measurable, which represents an effective level of security. The OIG noted room for improvement for the seven areas not at Maturity Level 4.

The OIG reviewed and evaluated the NSA’s protection of especially sensitive classified information by assessing its policies, procedures and data, and interviewing especially sensitive classified information oversight bodies.

Within this period, the OIG also examined the NSA’s description of its system supporting the performance of financial processing services, and the office found that the description fairly presented the system.

The OIG’s inspection reports identify personnel safety and security risks at an NSA location and found that the NSA should focus on ensuring that personnel have sufficient access to medical care.

The OIG evaluated emergency destruction documentation at certain NSA site locations and decided that several deficiencies should be addressed by the NSA to ensure clear guidance on emergency destruction.

The NSA is not in compliance with the Federal Financial Management Improvement Act of 1996, and its target for compliance is Fiscal Year 2028, according to the report.

All audits, inspections, evaluations and investigations of senior government employees closed during the reporting period, and the OIG did not open or complete any investigations of disclosures of classified information.