IAF Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2019

Audit Report
Report Number
A-IAF-20-004-C

We contracted with the independent certified public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, to conduct an audit of the Inter-American Foundation’s (IAF’s) information security program for fiscal year 2019, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that IAF generally implemented an effective information security program by implementing 78 of 89 selected security controls for selected information systems, but it also identified some weaknesses. We made three recommendations to further strengthen IAF’s information security program.

Recommendations

Recommendation 1

IAF's chief information officer develop and implement procedures for maintaining an accurate hardware and software inventory in accordance with NIST Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations," Security Control CM-8, information system component inventory, and IAF's standard operating procedures.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 2

IAF's chief information officer update the Continuity of Operations Plan to include a business impact analysis.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 3

IAF's chief information officer enforce policies and procedures to ensure that specialized security training is provided to and completed by all privileged users with significant security responsibilities in FY 2020.

Questioned Cost:
$0
Funds For Better Use:
$0