Our statutory Federal Information Security Modernization Act (FISMA) review sought to assess the effectiveness of the Department’s information security program, including a test of the effectiveness of information security policies, procedures, and practices of a representative subset of its information systems.
Although the Department made several improvements in implementing its cybersecurity posture, the Department’s overall information technology security program and practices were not effective in all five security functions reviewed. We had findings in four of the nine metric domains, which included findings with the same or similar conditions identified in prior reports, as well as open findings from previous years where the corrective action plan was not completed.
We made 16 recommendations in 4 of the 9 metric domains to assist the Department with increasing the effectiveness of its information security programs.