FISMA requires each Inspector General to conduct an annual independent evaluation of their agency’s information security program, practices, and controls for select systems. The Office of Management and Budget’s (OMB) FY 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics directs Inspectors General to evaluate the maturity level (from a low of 1 to a high of 5) of their agency’s information security program for FY 2024.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details |
---|---|---|---|---|
NFR-FISMA-01.1 | No | $0 | $0 | The Commission should continue its efforts to finalize ERM policies and procedures impacting and related to the Identify Function. |
NFR-FISMA-01.2 | No | $0 | $0 | The Commission should implement effective ERM reporting tools impacting and related to the Identify Function. |
NFR-FISMA-01.3 | No | $0 | $0 | The Commission should ensure system-level Business Impact Analyses are integrated with the ERM program impacting and related to the Recover Function. |