The U.S. International Development Finance Corporation Office of Inspector General (OIG) contracted with the independent public accounting firm RMA Associates, LLC (RMA) to conduct the Federal Information Security Modernization Act of 2014 (FISMA) audit of the United States International Development Finance Corporation (DFC) for Fiscal Year (FY) 2023. Our objectives were to evaluate the effectiveness of the DFC's information security program and practices, and determine what maturity level DFC achieved for each of the core metrics outlined in the FY 2023 - 2024 Inspectors General (IG) FISMA Reporting Metrics.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details |
---|---|---|---|---|
1 | No | $0 | $0 | |
2 | No | $0 | $0 | |

Recommendation 1: The DFC Chief Information Officer must prioritize efforts to enhance DFC's existing vulnerability management process to ensure sufficient identification, prioritization, and remediation of critical and high vulnerabilities in a timely manner in accordance with DFC's policy.

Recommendation 2: The DFC Chief Information Officer must implement the necessary oversight to monitor Cybersecurity Security Assessment and Management (CSAM) to ensure that SSPs are reviewed and authorized in accordance with the timeliness requirements in DFC's policy.