The U.S. Department of Education’s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014

Our FY 2014 review found that the Department’s information technology security program generally complied with FISMA and related Office of Management and Budget information security standards and that the Department had made progress in strengthening its information security program; however, many longstanding weaknesses remain and the Department’s information systems continue to be vulnerable to serious security threats. We found that the Department did not fully comply with 6 of the 11 FISMA reporting metrics and has still had not addressed problems identified in previous OIG audit reports, as our work showed repeat or modified repeat findings for five reporting metrics identified in OIG reports issued from FY 2011 through FY 2013.