Fiscal Year 2024 Audit of the U.S. Commodity Futures Trading Commission Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024

View Report

Date Issued

Thursday, October 3, 2024

Submitting OIG

Commodity Futures Trading Commission OIG

Other Participating OIGs

Commodity Futures Trading Commission OIG

Agencies Reviewed/Investigated

Commodity Futures Trading Commission

Report Description

FISMA requires each Inspector General to conduct an annual independent evaluation of their agency’s information security program, practices, and controls for select systems. The Office of Management and Budget’s (OMB) FY 2023–2024 Inspector General Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics directs Inspectors General to evaluate the maturity level (from a low of 1 to a high of 5) of their agency’s information security program for FY 2024.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
NFR-FISMA-01.1	No	$0	$0
The Commission should continue its efforts to finalize ERM policies and procedures impacting and related to the Identify Function.
NFR-FISMA-01.2	No	$0	$0
The Commission should Implement effective ERM reporting tools impacting and related to the Identify Function.
NFR-FISMA-01.3	No	$0	$0
The Commission should ensure system-level Business Impact Analyses are integrated with the ERM program impacting and related to the Recover Function.