USAID Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA

Audit Report
Report Number
We contracted with the independent certified public accounting firm CliftonLarsonAllen LLP (CLA) to conduct an audit of USAID’s information security program for fiscal year 2020 as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that USAID generally implemented an effective information security program by implementing 123 of 135 instances of selected security controls for selected information systems, but it also identified some weaknesses. We made seven recommendations to further strengthen USAID’s information security program.