What Was Reviewed
The U.S. International Development Finance Corporation Office of Inspector General contracted with the independent public accounting firm RMA Associates, LLC (RMA) to conduct the Federal Information Security Modernization Act of 2014 (FISMA) Performance Audit of the United States International Development Finance Corporation (DFC) for Fiscal Year (FY) 2025 to evaluate the effectiveness of the DFC’s information security program and practices, and determine what maturity level DFC achieved for each of the core metrics and supplemental metrics outlined in the FY 2025 Inspectors General (IG) FISMA Reporting Metrics v2.0 (April 2025).
Our objective was to evaluate the effectiveness of the DFC’s information security program and practices and determine the maturity level DFC achieved for each of the core metrics and supplemental metrics outlined in the FY 2025 IG FISMA Reporting Metrics v2.0 (April 2025).
What Was Found
In this Performance Audit of DFC, RMA determined that DFC’s information security program and practices were effective for FY 2025, as DFC’s information security program met the criteria required to be assessed at a maturity level of Managed and Measurable (Effective). RMA’s tests of the information security program identified two findings that fell within the data protection and privacy and information security continuous monitoring domains.
