MCC Generally Implemented an Effective Information Security Program for Fiscal Year 2019 in Support of FISMA

Audit Report
Report Number
A-MCC-20-001-C

We contracted with the independent certified public accounting firm of RMA Associates, LLC, to conduct an audit of MCC’s information security program for fiscal year 2019, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that MCC generally implemented an effective information security program by implementing 85 instances of 101 selected security controls for selected information systems, but it also identified some weaknesses. We made four recommendations to further strengthen MCC’s information security program.

Recommendations

Recommendation
1

MCC's chief information officer create a monitoring plan to review and update policy, procedures, and agreements in accordance with the timeliness requirements established in agency policies.

Questioned Cost
0
Funds for Better Use
0
Close Date
Recommendation
2

MCC's chief information officer revise the contingency plan to accurately identify the alternate processing site and associated procedures.

Questioned Cost
0
Funds for Better Use
0
Close Date
Recommendation
3

MCC's chief information officer in consultation with business owners, determine what information systems need to be prioritized for recovery; then, update the business process analysis and contingency plan to reflect these priorities.

Questioned Cost
0
Funds for Better Use
0
Close Date
Recommendation
4

MCC's chief information officer develop a procedure for contingency situations that defines the information technology personnel, their roles, responsibilities, authorities, and timeline for the contingency training that personnel will receive upon assuming those roles

Questioned Cost
0
Funds for Better Use
0
Close Date