​FY 2017 Independent Evaluation of the National Credit Union Administration's Compliance with the Federal Information Security Modernization Act of 2014

The NCUA OIG engaged CliftonLarsonAllen LLP to independently evaluate the NCUA’s information security and privacy management programs and controls for compliance with FISMA 2014 and federal regulations and standards. CLA evaluated the NCUA’s information security and privacy management programs through interviews, documentation reviews, technical configuration reviews, and sample testing. CLA evaluated the NCUA against such laws, standards, and requirements as those provided through FISMA 2014, the E-Government Act, National Institute of Standards and Technology standards and guidelines, the Privacy Act, and Office of Management and Budget memoranda and privacy and information security policies.