USAID Implemented a Managed and Measurable Information Security Program for Fiscal Year 2022 in Support of FISMA

Audit Report
Report Number: A-000-22-009-C

We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct an evaluation of the U.S. Agency for International Development’s (USAID’s) information security program for fiscal year 2022 in support of the Federal Information Security Modernization Act of 2014 (FISMA). CLA reported that USAID implemented a managed and measurable information security program based on a calculation of the maturity levels USAID achieved for each of its core FISMA reporting metrics. CLA concluded that, for the 20 core metrics, USAID’s information security program was optimized for 4 metrics, managed and measurable for 10 metrics, consistently implemented for 3 metrics, and defined for 3 metrics. The report does not contain recommendations.
