Skip Navigation Change Font Size

Audit (A-18-12-30420)

Information Security Weaknesses Pose Risk to Operations and the Mission of the Substance Abuse and Mental Health Services Administration (SAMHSA)

Complete Report

Download the complete report

Adobe® Acrobat® is required to read PDF files.


We reviewed selected information technology (IT) security controls over the Substance Abuse and Mental Health Services Administration (SAMHSA) network management in effect as of June 2012. We assessed the IT security controls for inventory management, patch management, antivirus management, event management, logical access, encryption, web vulnerability management and Universal Serial Bus (USB) port control management.

We found that the IT security controls for SAMHSA, that are owned and managed by the Information Technology Infrastructure and Operations (HHS/ITIO), were inadequate because security protections to be provided to SAMHSA had not been implemented and adequately monitored.

Copies can also be obtained by contacting the Office of Public Affairs at

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud
Newsletter Sign Up Envelop Graphic

Stay up to date on the latest OIG news and opinions

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201