Submitting OIG:
Report Description:
Our objective was to assess the U.S. Department of Education’s (Department) progress in improving the maturity of its security program and practices as required by the Federal Information Security Modernization Act of 2014 (FISMA).
We made 77 recommendations to improve the Department's cybersecurity posture in our FYs 2019, 2020, and 2021 reports. At the start of our fieldwork, there were 29 closed and 48 open recommendations. In FY 2022, we reviewed 38 open recommendations and found the Department took action to close 28 recommendations, with 10 remaining open. Additionally, there were another 10 open recommendations that were scheduled for implementation after the close of our fieldwork.
At the completion of our FY 2022 inspection, out of 77 recommendations, 57 were closed and 20 remained open.
To answer this objective, we rated the Department’s performance in accordance with OMB’s guidance on the 20 metric areas required for FY 2022. These metrics represent 20 of the 66 metrics that were used to assess the Department’s effectiveness for FY 2021. In September 2020, revision 5 of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, was issued. Usually, a 1-year period is allowed for implementation of the new requirements. With the removal of 46 metric questions for FY 2022, we were not able to test whether the Department implemented these new requirements for these questions.
Date Issued:
Thursday, July 28, 2022
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
I22IT0066
Component, if applicable:
Office of Chief Information Officer
Location(s):
Agency-Wide
Type of Report:
Inspection / Evaluation
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
10
Report updated under NDAA 5274:
No
View Document:
| Attachment | Size |
|---|---|
| FY22I22IT0066020724v100SECURED.pdf | 4.11 MB |
Additional Details Link: