Evaluation of DHS' Information Security Program for Fiscal Year 2017

We reviewed DHS’ information security program in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). Our objective was to determine whether DHS’ information security program and practices were adequate and effective in protecting the information and information systems that supported DHS’ operations and assets in fiscal year 2017. The Department of Homeland Security could protect its information and systems more fully and effectively. DHS’ information security program fell one level below the targeted “Level 4” in three of five areas listed in this year’s FISMA reporting instructions.