We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct an audit of the U.S. African Development Foundation’s (USADF’s) information security program for fiscal year 2019, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that USADF generally implemented an effective information security program by implementing 80 of 85 selected security controls for selected information systems, but it also identified some weaknesses. We made one recommendation to further strengthen USADF’s information security program.
USADF Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2019
Document and implement compensating controls and acceptance of the risk for information system components when support for the components is no longer available from the developer, vendor, or manufacturer when replacing system components is not feasible.