IAF Generally Implemented an Effective Information Security Program for Fiscal Year 2023 in Support of FISMA

Audit Report
Report Number
A-IAF-23-001-C

Why We Did This Audit

  • We contracted with the independent certified public accounting firm of RMA Associates LLC (RMA) to conduct an audit of the Inter-American Foundation’s (IAF’s) information security program in support of the Federal Information Security Modernization Act of 2014 (FISMA) and in accordance with generally accepted government auditing standards.
  • FISMA requires federal agencies to develop, document, and implement an agency-wide information security program to protect their information and information systems. FISMA also requires the agency Inspectors General (IGs) to assess the effectiveness of agency information security programs and practices and report the results of the assessments to the Office of Management and Budget.
  • The objective of this performance audit was to determine whether IAF implemented an effective information security program for Fiscal Year (FY) 2023.

What We Found

  • RMA concluded that IAF generally implemented an effective information security program. RMA also concluded that IAF took final corrective action on seven of eight open recommendations from the FY2020 and FY2021 FISMA audits.
  • However, RMA found weaknesses in two of nine FISMA metric domains, Identity and Access Management and Incident Response.

Why It Matters

  • FISMA provides a comprehensive framework for ensuring effective security controls over information resources supporting Federal operations and assets.
  • We made three recommendations to address the weaknesses identified in the report.

Recommendations

Recommendation 1: We recommend that IAF's chief information officer improve its record keeping process to maintain records of the first day its users access agency systems.
Questioned Cost: 0. Funds for Better Use: 0.

Recommendation 2: We recommend that IAF's chief information officer develop and implement procedures for compensating controls in lieu of multifactor authentication for systems that the agency plans to decommission.
Questioned Cost: 0. Funds for Better Use: 0.

Recommendation 3: We recommend that IAF's chief information officer implement level 2 event logging requirements in accordance with Office of Management and Budget memorandum M-21-31.
Questioned Cost: 0. Funds for Better Use: 0.