Evaluation of the CPSC's FISMA Implementation for FY 2024

View Report

Date Issued

Tuesday, July 30, 2024

Submitting OIG

Consumer Product Safety Commission OIG

Other Participating OIGs

Consumer Product Safety Commission OIG

Agencies Reviewed/Investigated

Consumer Product Safety Commission

Report Number

24-A-04

Report Description

The U.S. Consumer Product Safety Commission (CPSC) OIG retained Williams, Adley, & Co.-DC LLP (Williams Adley, we), an independent public accounting firm, to perform the independent evaluation of the CPSC’s implementation of FISMA for FY 2024 and to determine the effectiveness of its information security program. This report documents the results of the OIG’s FISMA evaluation. Specifically, we assessed the CPSC’s compliance with the annual Inspector General (IG) FISMA reporting metrics set forth by the DHS and OMB. Agency efforts are scored against a five level maturity model ranging from level one, “ad hoc,” to level five, “optimized,” with level four, “managed and measurable,” generally considered effective.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Develop qualitative and quantitative performance measures to evaluate the effectiveness of the following: Configuration Management plan and change control activities.
2	No	$0	$0
Perform a cost benefit analysis of introducing automation to support the testing of system contingency plans; and apply the appropriate risk mitigation strategy.
3	No	$0	$0
Fully implement its processes for information system back up for General Support System Cloud.