Our statutory review sought to assess the effectiveness of the Department’s information security program, including a test of the effectiveness of information security policies, procedures, and practices of a representative subset of its information systems.
The Department’s security program and practices were operating at an effective level of security. We also followed up on the status of the recommendations we offered in our recent FISMA reports. Of the 77 recommendations included in our FY 2019 to FY 2021 FISMA reports, we determined that 20 recommendations remained open: (1) 1 out of 37 remained open from FY 2019; (2) 9 out of 24 remained open from FY 2020, and (3) 10 out of 16 remained open from FY 2021. As noted in our report, this progress demonstrates the Department’s efforts toward achieving an effective security program.
We made 10 recommendations to assist the Department with increasing the effectiveness of its information security programs.
Information Technology Security
See previous FISMA reports.