Submitting OIG:
Report Description:
This audit report determined that the Commission’s FY 2023 information security program was not in compliance with FISMA legislation, OMB guidance, and applicable NIST special publications. Five of the nine domains Kearney evaluated warrant additional management attention to address identified deficiencies: Risk Management, Supply Chain Risk Management, Configuration Management, Identity and Access Management, and Information Security Continuous Monitoring. Specifically, the FISMA evaluation report includes seven findings and offers 25 recommendations to improve the effectiveness of the FCC’s information security program controls. FCC continues to work towards an effective overall maturity level for its information security program.
Short / Alternative Report Title:
FY 2023 FISMA Evaluation
Date Issued:
Friday, January 5, 2024
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
23-EVAL-05-01
External entity, if applicable:
N/A
Location(s):
Washington, DC
United States
Type of Report:
Inspection / Evaluation
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
25
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
23-eval-05-01pfisma01052024.pdf | 399.65 KB |
Additional Details Link: