Audit of USAID's Federal Information Security Management Act of 2002 Action Plan
Recommendations
The Chief Information Officer update the USAID FISMA Cybersecurity Roadmap and Work Plan to address each activity and milestone clearly in the Federal Information Security Management Act action plan.
The Chief Information Officer fully implement a process to test FISMA Action Plan activities identified as complete before closing them in the USAID FISMA Cybersecurity Roadmap and Work Plan.
The Chief Information Officer test activities already identified as complete to verify they have been implemented fully and effectively.
The Chief Information Officer document and implement a formal process to centrally review all USAID security assessment packages for proper selection, documentation, and evaluation of security controls before the packages are sent to the Chief Information Officer for approval.