Results of the Evaluation of the FY 2022 Denali Commission Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics

This report summarizes the results of our fiscal year (FY 2022) Federal Information Security Modernization Act (FISMA) evaluation and assesses the maturity of controls used to address risks in each of the nine information security areas, called domains. We assessed the effectiveness of information security programs on the required maturity model spectrum, which is a rating scale for information security. We rated the Denali Commission’s overall program of information security as “effective.” A majority of the FY 2022 FISMA metrics were rated Defined (Level 2). Three of four recommendations for corrective action from the FY 2021 evaluation have been implemented.