USADF Implemented an Effective Information Security Program for Fiscal Year 2021 in Support of FISMA

Audit Report
Report Number
A-ADF-22-001-C

We contracted with the independent certified public accounting firm CliftonLarsonAllen LLP (CLA) to conduct an audit of the U.S. African Development Foundation’s (USADF’s) information security program for fiscal year 2021 as required by the Federal Information Security Modernization Act of 2014 (FISMA).  The audit firm concluded that USADF implemented an effective information security program, which was defined as having an overall mature program based on the fiscal year 2021 inspector general FISMA reporting metrics, but also identified some weaknesses.  We made four recommendations to further strengthen USADF’s information security program.

Recommendations

Recommendation
1

Chief Information Security Officer document and implement a process for validating that medium and low risk vulnerabilities are remediated in accordance with the agency's policy.

Questioned Cost
0
Funds for Better Use
0
Recommendation
2

Chief Information Security Officer develop and implement a process to monitor privileged activities, including which activities to monitor as well as the process and frequency for monitoring those activities.

Questioned Cost
0
Funds for Better Use
0
Recommendation
3

Chief Financial Officer design and implement a process to screen USADF contractors at the extent and level appropriate to the risks associated with the position.

Questioned Cost
0
Funds for Better Use
0
Recommendation
4

Chief Information Security Officer develop, document, and disseminate supply chain risk management procedures to facilitate the implementation of the USADF Supply Chain Risk Management Strategy & Policy.

Questioned Cost
0
Funds for Better Use
0