The U.S. Consumer Product Safety Commission (CPSC) OIG retained Williams, Adley, & Co.-DC LLP (Williams Adley, we), an independent public accounting firm, to perform the independent evaluation of the CPSC’s implementation of FISMA for FY 2024 and to determine the effectiveness of its information security program. This report documents the results of the OIG’s FISMA evaluation. Specifically, we assessed the CPSC’s compliance with the annual Inspector General (IG) FISMA reporting metrics set forth by the DHS and OMB. Agency efforts are scored against a five-level maturity model ranging from level one, “ad hoc,” to level five, “optimized,” with level four, “managed and measurable,” generally considered effective.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | No | $0 | $0 | Develop qualitative and quantitative performance measures to evaluate the effectiveness of the following: Configuration Management plan and change control activities.
2 | No | $0 | $0 | Perform a cost benefit analysis of introducing automation to support the testing of system contingency plans; and apply the appropriate risk mitigation strategy.
3 | No | $0 | $0 | Fully implement its processes for information system back up for General Support System Cloud.