The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, document, and implement an information security program to protect their information and information systems, including those provided or managed by another agency, contractor, or other source. FISMA also requires agencies to have an annual assessment of their information systems.
OIG contracted with Clifton Larson Allen LLP to conduct an audit to determine whether OPIC implemented certain security controls for selected information systems during fiscal year 2017.
Although OPIC implemented 98 of 104 selected security controls, the auditors found OPIC did not effectively implement the remaining six controls.
The auditors made three recommendations to help OPIC strengthen its information security programs. OPIC made management decisions on all of them.