Although the Department and FSA made progress in strengthening their information security programs, we found weaknesses in the Department’s and FSA’s information systems, and those systems continued to be vulnerable to security threats. As guided by the maturity model used in the FY 2017 IG FISMA Metrics, we found the Department and FSA were not effective in all five security functions—Identify, Protect, Detect, Respond, and Recover. We also identified findings in all seven metric domains: (1) Risk Management, (2) Configuration Management, (3) Identity and Access Management, (4) Security Training, (5) Information Security Continuous Monitoring, (6) Incident Response, and (7) Contingency Planning.
Tuesday, October 31, 2017
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
Type of Report:
Number of Recommendations: