U.S. Department of Education Federal Information Security Modernization Act of 2014 Report

The Federal Information Security Modernization Act (FISMA) requires OIGs to annually assess the effectiveness of the agency’s information security program. Each independent evaluation must include a test of the effectiveness of information security policies, procedures, and practices of a representative subset of the agency’s information systems and an assessment of the effectiveness of the information security policies, procedures, and practices of the agency. For FY 2024, the auditors determined that the Department’s overall IT security program and practices are effective as eight out of the nine FISMA domains met the requirements needed to operate at a Level 4 maturity rating (Managed and Measurable) or higher. The auditors also identified a total of six conditions across the nine FISMA domains indicating potential areas of improvement for the Department.