Review of the Postal Regulatory Commission’s Compliance With the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024

View Report

Date Issued

Friday, September 27, 2024

Submitting OIG

U.S. Postal Service OIG

Other Participating OIGs

U.S. Postal Service OIG

Agencies Reviewed/Investigated

U.S. Postal Service

Report Number

24-097-R24

Report Description

This report presents the results of our audit of the United States Postal Regulatory Commission’s(PRC) Compliance with the Federal Information Security Modernization Act of 2014 for FiscalYear 2024.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 9 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	Yes	$0	$0
Design and implement risk management and general support system policies, procedures, and processes that address National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1 control requirements.
2	Yes	$0	$0
Design and implement Supply Chain Risk Management policies, procedures, and processes that address National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1 control requirements.
3	Yes	$0	$0
Develop and implement agency-wide Configuration Management policies, procedures, and processes, that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1, control requirements.
4	Yes	$0	$0
Develop and implement agency-wide identity access management policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev 5, Rel. 5.1.1, controls requirements.
5	Yes	$0	$0
Develop and implement agency-wide data protection and privacy policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel. 5.1.1 control requirements.
6	Yes	$0	$0
Develop and implement agency-wide Security Training policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5.1, Rel. 5.1.1, control requirements.
7	Yes	$0	$0
Finalize and implement its Information Security Continuous Monitoring plan and update the plan and any additional procedures and processes to address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel. 5.1.1, control requirements.
8	Yes	$0	$0
Develop and implement agency-wide incident response policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel 5.1.1, control requirements.
9	Yes	$0	$0
Develop and implement agency-wide contingency planning policies, procedures, and processes that address applicable National Institute of Standards and Technology Special Publication 800-53, Rev. 5, Rel 5.1.1, control requirements.