USAID Implemented an Effective Information Security Program for Fiscal Year 2021 in Support of FISMA

Audit Report
Report Number
A-000-22-005-C

We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP to conduct an audit of USAID’s information security program for fiscal year 2021 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that USAID implemented an effective information security program, which was defined as having an overall mature program based on the fiscal year 2021 inspector general FISMA reporting metrics. However, CLA identified weaknesses in four of nine FISMA reporting metric domains. We made two recommendations to address these weaknesses and further strengthen USAID’s information security program.

Recommendations

Recommendation
1

Implement a process to automatically disable system user accounts after 90 days of inactivity or implement a daily review process to ensure that accounts are disabled after 90 days of inactivity.

Questioned Cost
0
Funds for Better Use
0
Close Date
Recommendation
2

Address the management of system components requiring repair or service in its Supply Chain Risk Management Standard Operating Procedures.

Questioned Cost
0
Funds for Better Use
0
Close Date