USAID Generally Implemented an Effective Information Security Program for Fiscal Year 2023 in Support of FISMA

Audit Report
Report Number: A-000-23-004-C

Why We Did This Audit

  • We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct an audit of USAID’s information security program in support of the Federal Information Security Modernization Act of 2014 (FISMA) and in accordance with generally accepted government auditing standards.
  • FISMA requires federal agencies to develop, document, and implement an agency-wide information security program to protect their information and information systems. FISMA also requires the agency Inspectors General (IGs) to assess the effectiveness of agency information security programs and practices and report the results of the assessments to the Office of Management and Budget.

What We Found

  • CLA concluded that USAID generally implemented an effective information security program based on the FY 2023 IG FISMA reporting metrics. However, CLA found weaknesses in four of nine IG FISMA metric domains.
  • CLA also concluded that USAID took final corrective action to close two of four open recommendations from the FY 2020 and FY 2021 FISMA audits.

Why It Matters

  • FISMA provides a comprehensive framework for ensuring effective security controls over information resources supporting Federal operations and assets.
  • We made two recommendations to address the weaknesses identified in the report.

Recommendations

Recommendation 1

We recommend that USAID's Chief Information Officer formally document and implement a revised policy for maintaining a system component inventory to include the specific physical location of hardware assets.

Questioned Cost: 0
Funds for Better Use: 0

Recommendation 2

We recommend that USAID's Chief Information Officer fully implement event logging requirements in accordance with Office of Management and Budget, Memorandum M-21-31.

Questioned Cost: 0
Funds for Better Use: 0