USAID OIG issued a management advisory to USAID regarding security concerns at two USAID missions—one of which is a high-threat mission. We visited the missions in February 2025 as part of an annual audit required under the Federal Information Security Modernization Act of 2014. One mission is collocated with a U.S. embassy; the other mission is not. During the visits, we observed vulnerabilities to physical access security at both missions. For the mission collocated with a U.S. embassy, we identified concerns with entry into USAID’s facility; and at both missions, we identified concerns with access to restricted information technology (IT) areas. We acknowledge that USAID is in the process of winding down its operations overseas. However, as long as the Agency maintains a presence abroad, such vulnerabilities will put Americans and Agency IT systems at risk and, therefore, warrant the attention of Agency officials.
While we are not making recommendations, we strongly urge USAID officials to verify that individuals are authorized to access all Agency facilities and sensitive IT areas abroad. This is critical as long as the Agency has a presence abroad.
Read the full management advisory.