U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The U.S. Department of Education’s Federal Information Security Modernization Act of 2014 for Fiscal Year 2020

Report Information

Date Issued
Report Number
A11U0001
What We Did

Our statutory Federal Information Security Modernization Act (FISMA) review sought to assess the effectiveness of the Department’s information security program, including a test of the effectiveness of information security policies, procedures, and practices of a representative subset of its information systems.

What We Found

Although the Department had several notable improvements in implementing its cybersecurity initiatives, its overall information technology security programs and practices were not effective in all five security functions. We had findings in all eight metric domains, which included findings with the same or similar conditions identified in prior FISMA reports. Until the Department improves in these areas, it cannot ensure that its overall information security program adequately protects its systems and resources from compromise and loss.

What We Recommend

We made 24 recommendations to assist the Department with increasing the effectiveness of their information security programs.

Management Challenge Area

Information Technology Security

Related Work Products