DHS mobile device security falls short of standards, inspector general report finds

The Department of Homeland Security's CIO and intelligence office has failed to meet compliance requirements and existing standards for managing, securing, and deploying mobile devices, according to the agency’s latest inspector general report. The audit revealed significant vulnerabilities in mobile app management and security settings, as reported by Fedscoop.

The Department of Homeland Security's inspector general report found that over three-quarters of the 650 mobile apps installed on devices within the intelligence office posed security risks, were explicitly prohibited, or allowed prohibited activities. Some of these apps were linked to foreign adversaries or violated the National Defense Authorization Act. The audit, conducted from December 2023 to March 2025, also identified skipped security settings and insufficient device infrastructure.

The Office of the Chief Information Officer (OCIO) disputed the inspector general's claim of denied system access, stating that data extracts were provided to protect sensitive information. Despite this disagreement and ongoing tensions regarding oversight obstruction, DHS has concurred with the 11 recommendations from the IG. These include implementing security countermeasures, developing policies for custom apps, and improving compliance tracking for mobile devices.

Source: Fedscoop