U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Audit of NARA's Controls over the Use of Information Technology Equipment and Resources

Report Information

Date Issued
Report Number
Report Type
Joint Report
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


Designate an office to take the ownership of NARA’s inappropriate use program, and formally document and communicate to all stakeholders their management and oversight responsibilities for detecting and reporting suspected inappropriate use.

Update Supplement 1 to NARA Directive 363, NARA Penalty Guide, to include penalties for misusing government IT equipment and resources.

Retain a complete and centralized work history of technical actions taken when malware or other compromise is the suspected cause of indicators of inappropriate use.

Strengthen contract oversight controls to ensure all contract deliverables are completed in a complete, accurate, and timely manner, as it relates to the analyzing and monitoring of inappropriate Internet use on NARA IT resources.

Increase the Analytics log retention period in FortiAnalyzer to one year in accordance with NARA Enterprise Architecture.

Ensure a process is developed to retrieve IT devices and review user Internet activity on NARA-issued IT devices when they were not connected to NARANet, when other indicators of inappropriate use are detected.

Ensure a process is developed to select sample inappropriate use occurrences on a periodic basis for further investigation and analysis.

Implement a user consent banner in accordance with NARA Directive 802 on all NARA mobile devices.

Disable private browsing on all NARA mobile devices.