The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, document, and implement an information security program to protect their information and information systems, including those provided or managed by another agency, contractor, or source. FISMA also requires agencies to have an annual assessment of their information systems.
We contracted with the independent certified public accounting firm Brown and Company CPAs and Management Consultants PLLC to conduct an audit of USADF’s compliance with FISMA during fiscal year (FY) 2018. The audit firm concluded that USADF generally complied with FISMA requirements by implementing 46 of 59 selected security controls for selected information systems. However, the 13 controls USADF did not implement expose it to risks and constitute weaknesses. To address them, OIG made three recommendations; at the time of report issuance, they were resolved but open pending completion of planned activities.