FISMA: Overall Effectiveness of USADF's Information Security Program for FY 2025 Could Not Be Determined and Weaknesses Exist

Date Issued

Tuesday, January 13, 2026

Submitting OIG

U.S. Agency for International Development OIG

Agencies Reviewed/Investigated

U.S. African Development Foundation

Report Number

A-ADF-26-001-M

Report Type

Audit

Location

United States

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend that USADF's Chief Information Officer remediate the 122 high-risk and 23 critical vulnerabilities identified by USADF's December 2, 2024, scans.
2	No	$0	$0
We recommend that USADF's Chief Information Officer evaluate its vulnerability remediation process to determine why high and critical vulnerabilities were not addressed within required time frames and implement corrective actions as appropriate.
3	No	$0	$0
We recommend that USADF's Chief Information Officer finalize the enterprise risk management plan to define roles, responsibilities, and authority for cybersecurity risk management.
4	No	$0	$0
We recommend that USADF's Chief Information Officer determine why the enterprise risk management plan was not finalized and implement corrective action as appropriate.
5	No	$0	$0
We recommend that USADF's Chief Information Officer determine whether USADF updated its cybersecurity training strategy and plans to incorporate the results of the workforce assessments and, if not, update and implement the strategy and plan.