Report | June 18, 2018

Project Announcement: Reannouncement of the Audit of the DoD's Implementation of Cybersecurity Controls for Unmanned Aerial Vehicle Systems as the Audit of DoD's Management of Cybersecurity Risks for Purchasing Commercial Items (Project No. D2018-D000CR-0113.000)

We are reannouncing the subject audit, announced March 5, 2018, to inform you of changes to our objective. The original audit objective was to determine whether the DoD implemented and operated cyber and physical security controls in accordance with Federal and DoD system, communications, and information security requirements to protect select unmanned aerial vehicle (UAV) systems from unauthorized access and use. During site visits in support of the original objective, we determined that concerns for how the DoD manages cybersecurity risks may exist for other commercial items. The reannounced audit objective is to determine whether the DoD is assessing and mitigating cybersecurity risks when purchasing and using select commercial items.