DFC Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA

Audit Report
Report Number
A-DFC-21-005-C
We contracted with the independent certified public accounting firm CliftonLarsonAllen LLP to conduct an audit of the U.S. International Development Finance Corporation’s (DFC’s) information security program for fiscal year 2020 as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that DFC generally implemented an effective information security program by implementing 66 of 75 instances of selected security controls for selected information systems, but it also identified some weaknesses. We made four recommendations to further strengthen DFC’s information security program.

Recommendations

Recommendation 1

DFC's Chief Information Officer take the following actions: Review and update privacy policies and breach response procedures to accurately reflect the Corporation's operating environment.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 2

DFC's Chief Information Officer take the following actions: Implement a process to validate completion of rules of behavior and security and privacy awareness training prior to providing system access.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 3

DFC's Chief Information Officer take the following actions: Implement multifactor authentication for network access for privileged accounts.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 4

DFC's Chief Information Officer take the following actions: Implement session disconnect for virtual private network connections to comply with DFC requirements.

Questioned Cost:
$0
Funds For Better Use:
$0