FISMA: IAF's Information Security Program for Fiscal Year 2024 Was Effective, Although Improvements Are Recommended

Date Issued

Friday, August 23, 2024

Submitting OIG

U.S. Agency for International Development OIG

Agencies Reviewed/Investigated

Inter-American Foundation

Report Number

A-IAF-24-002-C

Report Type

Audit

Location

United States

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend that IAF's chief information officer develop and implement a plan, including tools and other resources, to remediate critical and high vulnerabilities within the timeframes specified in the agency's "Information System Security Program Standard Operating Procedures" (February 2022).
2	No	$0	$0
We recommend that IAF's chief information officer update the agency's system security plan to include controls in National Institute of Standards and Technology Special Publication 800-53, Revision 5, "Security and Privacy Controls for Information Systems and Organizations."