Our statutory Federal Information Security Modernization Act (FISMA) review sought to assess the effectiveness of the Department’s information security program, including a test of the effectiveness of information security policies, procedures, and practices of a representative subset of its information systems.
Although the Department had several notable improvements in implementing its cybersecurity initiatives, its overall information technology security programs and practices were not effective in all five security functions. We had findings in all eight metric domains, which included findings with the same or similar conditions identified in prior FISMA reports. Until the Department improves in these areas, it cannot ensure that its overall information security program adequately protects its systems and resources from compromise and loss.
We made 24 recommendations to assist the Department with increasing the effectiveness of its information security programs.