We contracted with the independent certified public accounting firm CliftonLarsonAllen LLP (CLA) to conduct an audit of the U.S. African Development Foundation’s (USADF’s) information security program for fiscal year 2021 as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that USADF implemented an effective information security program, which was defined as having an overall mature program based on the fiscal year 2021 inspector general FISMA reporting metrics, but also identified some weaknesses. We made four recommendations to further strengthen USADF’s information security program.
USADF Implemented an Effective Information Security Program for Fiscal Year 2021 in Support of FISMA
Recommendations
Chief Information Security Officer document and implement a process for validating that medium- and low-risk vulnerabilities are remediated in accordance with the agency's policy.
Chief Information Security Officer develop and implement a process to monitor privileged activities, including which activities to monitor as well as the process and frequency for monitoring those activities.
Chief Financial Officer design and implement a process to screen USADF contractors at the extent and level appropriate to the risks associated with the position.
Chief Information Security Officer develop, document, and disseminate supply chain risk management procedures to facilitate the implementation of the USADF Supply Chain Risk Management Strategy & Policy.