Submitting OIG:
Report Description:
Our objective was to determine whether the U.S. Department of Education’s (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements.
The Department made several improvements in implementing its cybersecurity posture. In FY21, the Department improved in three functional areas and three metric areas from Level 2 (Defined) to Level 3 (Consistently Implemented).
However, its overall IT security programs and practices were not effective in all five security functions. We had findings in four of the nine metric domains, which included findings with the same or similar conditions identified in prior reports, as well as open findings from previous years where the corrective action plan was not completed.
Although the Department made considerable progress in strengthening its information security programs, we found areas needing improvement in all nine metric domains.
Date Issued:
Friday, October 29, 2021
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A21IT0023
Component, if applicable:
Office of Chief Information Officer
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
16
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
FY22A21IT0023021624v100SECURED.pdf | 10.59 MB |