Submitting OIG:
Report Description:
Our objective was to determine whether the U.S. Department of Education’s (Department) and Federal Student Aid’s (FSA) overall information technology security programs and practices were effective as they relate to Federal information security requirements. The Fiscal Year 2018 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics (FY 2018 IG FISMA Metrics) are grouped into five cybersecurity framework security functions that have a total of eight metric domains. Per the FY 2018 IG FISMA Metrics, we found the Department and FSA were not effective in any of the five security functions—Identify, Protect, Detect, Respond, and Recover. We also identified findings in all eight metric domains, of which seven are repeat findings.
Date Issued:
Wednesday, October 31, 2018
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A11S0001
Component, if applicable:
Office of Deputy Secretary
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
45
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
FY19A11S0001031224v100SECURED.pdf | 5.27 MB |
Additional Details Link: