Our statutory Federal Information Security Modernization Act (FISMA) review sought to determine whether the Department and Federal Student Aid’s (FSA) overall information technology security programs and practices were effective as they relate to Federal information security requirements.
The Department’s and FSA’s overall information security programs were not effective in any of the five security functions reviewed. We also identified weaknesses in all of the metric domains reviewed, which included findings with the same or similar conditions identified in previous FISMA reports. Similar to our previous FISMA reports, we did find that both the Department and FSA are making progress in strengthening their information security; however, weaknesses remain, leaving their systems and resources vulnerable to compromise and loss.
We made 37 recommendations to assist the Department with increasing the effectiveness of their information security programs.
Information Technology Security
See other OIG reports on FISMA.