Performance Audit of United States Capitol Police Fiscal Year 2015 Information Security Program

In accordance with our annual plan, the United States Capitol Police (USCP or the Department) Office of Inspector General (OIG) engaged Cotton & Company LLP to conduct an independent performance audit of USCP's information security program. Our audit focused on two overarching areas: The Department's current vulnerability management practices and its cyber security framework and risk management processes. We considered policies, procedures, and processes for both the USCP Office of Information Services (OIS) and the Security Services Bureau (SSB) as of March 27, 2015.