Submitting OIG:
Report Description:
This audit report concluded that the FCC’s information security program was ineffective and not in compliance with FISMA legislation, OMB guidance, and applicable NIST Special Publications as of August 2020. Specifically, the FISMA evaluation report includes 8 findings and offers 17 recommendations intended to improve the effectiveness of the FCC’s information security program controls. The FCC has made improvements to processes within its information security program since the Fiscal Year 2019 FISMA evaluation in the areas of Identity and Access Management (i.e., separation of duties analysis, reviewing access for privileged users, and user authorization), Data Protection and Privacy (i.e., testing the FCC’s Data Breach Response Plan ), and Incident Response (i.e., documentation of incidents).
Short / Alternative Report Title:
FY 2020 FISMA Evaluation
Date Issued:
Tuesday, December 22, 2020
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
20-EVAL-07-01
External entity, if applicable:
N/A
Location(s):
Washington, DC
United StatesType of Report:
Inspection / Evaluation
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
17
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
20-eval-07-01pfy20fisma12222020.pdf | 330.1 KB |
Additional Details Link: