The U.S. International Development Finance Corporation Office of Inspector General (OIG) contracted with the independent public accounting firm RMA Associates, LLC (RMA) to conduct the Federal Information Security Modernization Act of 2014 (FISMA) audit of the United States International Development Finance Corporation (DFC) for Fiscal Year (FY) 2023 to evaluate the effectiveness of the DFC's information security program and practices, and determine what maturity level DFC achieved for each of the core metrics outlined in the FY 2023 - 2024 Inspectors General (IG) FISMA Reporting Metrics. Our objectives were to evaluate the effectiveness of the DFC's information security program and practices, and determine what maturity level DFC achieved for each of the core metrics outlined in the FY 2023 - 2024 IG FISMA Reporting Metrics.
Report File
Date Issued
Submitting OIG
U.S. Development Finance Corporation OIG
Other Participating OIGs
U.S. Development Finance Corporation OIG
Agencies Reviewed/Investigated
U.S. International Development Finance Corporation
Report Number
DFC-24-001-C
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
2
Questioned Costs
$0
Funds for Better Use
$0
Open Recommendations
This report has 2 open recommendations.
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1 | No | $0 | $0 | ||
| The DFC Chief Information Officer must prioritize efforts to enhance DFC's existing vulnerability management process to ensure sufficient identification, prioritization, and remediation of critical and high vulnerabilities in a timely manner in accordance with DFC's policy. | |||||
| 2 | No | $0 | $0 | ||
| The DFC Chief Information Officer must implement the necessary oversight to monitor Cybersecurity Security Assessment and Management(CSAM) to ensure that SSPs are reviewed and authorized in accordance with the timeliness requirements in DFC's policy. | |||||
