We contracted with the independent certified public accounting firm CliftonLarsonAllen LLP (CLA) to conduct an audit of the U.S. African Development Foundation’s (USADF’s) information security program for fiscal year 2020 as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that USADF generally implemented an effective information security program by implementing 72 of 76 instances of selected security controls for selected information systems, but it also identified some weaknesses. We made three recommendations to further strengthen USADF’s information security program.
USADF Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA
USADF’s Chief Information Security Officer document and implement scan configuration reviews to analyze, detect and remediate vulnerabilities.
USADF’s Chief Information Security Officer document and implement a process to verify USADF’s Authorizing Officials review the authorization packages from provider organizations as a fundamental basis for determining risk and issue the respective Authorizations to Use for USADF’s external systems and/or services.
USADF’s Chief Information Security Officer design and implement a process, such as a periodic reconciliation of access agreements on file with a listing of new hires, to validate that all new information system users complete USADF system access agreements.