The objective of the FY 2025 Federal Information Security Modernization Act (FISMA) audit was to determine whether the U.S. Department of Education’s (Department) overall information technology (IT) security program and practices are effective as they relate to Federal information security requirements. To determine the effectiveness of the Department’s information security program, the audit team used the FY 2025 Inspector General FISMA reporting metrics, which required that an independent assessor evaluate core and supplemental reporting metrics identified by the Office of Management and Budget. To properly conclude on the effectiveness of the Department’s information security program and practices, a rotational strategy was used to select five in-scope systems not evaluated in the previous year’s audit. Overall, the audit team found that the Department’s information security programs and practices were effective in supporting the five in-scope systems: nine of the ten FISMA domains were effective, and one FISMA domain was not effective. Additionally, a total of 16 conditions were identified and 5 recommendations were made across the ten FISMA domains, indicating potential areas of improvement for the Department.
Date Issued
Submitting OIG: Department of Education OIG
Agencies Reviewed/Investigated: Department of Education
Report Number: A25IT0212
Report Description
Report Type: Audit
Agency Wide: Yes
Number of Recommendations: 5
Questioned Costs: $0
Funds for Better Use: $0
Report updated under NDAA 5274: No