U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federal Information Security Modernization Act of 2014 (FISMA) Audit of the U.S. Department of Education’s Information Security Program and Practices for Fiscal Year 2025

Report Information

Date Issued
Report Number
A25IT0212
What We Did

The objective of the FY 2025 Federal Information Security Modernization Act (FISMA) audit was to determine whether the U.S. Department of Education’s (Department’s) overall information technology (IT) security program and practices are effective as they relate to Federal information security requirements. To determine the effectiveness of the Department’s information security program, the audit team utilized the FY 2025 Inspector General FISMA reporting metrics, which required that an independent assessor evaluate core and supplemental reporting metrics identified by the Office of Management and Budget. To properly conclude on the effectiveness of the Department’s information security program and practices, a rotational strategy was used to select five in-scope systems not evaluated in the previous year’s audit.

What We Found

Overall, the team found that the Department’s information security programs and practices were effective supporting the five in-scope systems, as nine out of ten FISMA domains were effective, and one FISMA domain was not effective. The Team also identified 16 conditions across the 10 FISMA domains indicating potential areas of improvement.

What We Recommend

The audit team made 5 recommendations to assist the Department with increasing the effectiveness of its information security programs. 

Management Challenge Area

Information Technology Security

Related Work Products

See previous FISMA reports.