Evaluation of the FTC's Information Security Program and Practices for Fiscal Year 2014

The Federal Information Security Management Act of 2002 (FISMA) provides a comprehensive framework for ensuring the effectiveness of technical, administrative, and physical security controls over federal information resources. FISMA requires an annual OIG evaluation of compliance with its requirements and related information security policies, procedures, standards, and guidelines -- as well as an assessment of the level of security afforded to associated information assets. The FTC OIG contracted with Allied Technology Group, Inc., to conduct an independent evaluation to determine the status of the FTC's information and privacy programs at the end of FY 2014, as required under FISMA and associated guidance.