Audit of the U.S. Election Assistance Commission's Compliance with the Federal Information Security Modernization Act for Fiscal Year 2024

View Report

Date Issued

Tuesday, September 24, 2024

Submitting OIG

Election Assistance Commission OIG

Other Participating OIGs

Election Assistance Commission OIG

Agencies Reviewed/Investigated

Election Assistance Commission

Report Number

P24HQ0052-24-15

Report Description

The independent public accounting firm of RMA Associates, LLC, under contract with the Office of Inspector General, audited EAC’s information security program for fiscal year 2024 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The objective was to determine whether EAC implemented an effective information security program.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2	No	$0	$0
We recommend that the Chief Information Security Officer develop and implement procedures to leverage the Repository for Software Attestation and Artifacts to obtain sufficient assurance that the security and supply chain controls of systems or services provided by contractors or other entities on behalf of the organization meet FISMA requirements.
6	No	$0	$0
We recommend that the Election Assistance Commission's Chief Information Officer establish and implement a formal Information Security Continuous Monitoring Strategy and an effective monitoring mechanism to track the progress of ongoing lessons learned.
7	No	$0	$0
We recommend that the Election Assistance Commission's Chief Information Officer identify and employ an automated notification mechanism to test its system level contingency plans thoroughly and effectively.