The Federal Information Security Modernization Act (FISMA) (Public Law 113-283) requires Federal agencies to have an annual independent evaluation of their information security programs and practices. This evaluation can be performed by either the agency’s Office of Inspector General (OIG) or by an independent external auditor, as determined by the OIG, to determine the effectiveness of such programs and practices. KPMG, an independent public accounting firm, performed the DOI fiscal year 2018 FISMA audit under a contract issued by the DOI and monitored by the OIG.KPMG reviewed information security practices, policies, and procedures at the DOI Office of the Chief Information Officer and 11 DOI bureaus and offices, and identified needed improvements in the areas of configuration management, identity and access management, data protection and privacy, contingency planning and incident response. KPMG made 18 recommendations related to these control weaknesses that were intended to strengthen the Department’s information security program, as well as those of the Bureaus and Offices. In its response to the draft report, the Office of the Chief Information Officer concurred with all recommendations and established a target completion date for each corrective action.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of the Interior | Independent Auditors’ Performance Audit Report on the U.S. Department of the Interior Federal Information Security Modernization Act for Fiscal Year 2018 | Audit | Agency-Wide | View Report | |
| Department of Homeland Security | Review of U.S. Immigration and Customs Enforcement's Fiscal Year 2018 Drug Control Performance Summary Report | Audit | Agency-Wide | View Report | |
| Department of Justice | Audit of the Drug Enforcement Administration’s Information Security Program Pursuant to the Federal Information Security Modernization Act of 2014 Fiscal Year 2018 | Audit | Agency-Wide | View Report | |
| Department of Justice | Audit of the Drug Enforcement Administration’s Aviation Division Office Internet System Pursuant to the Federal Information Security Modernization Act of 2014 Fiscal Year 2018 | Audit | Agency-Wide | View Report | |
| Federal Housing Finance Agency | FHFA’s Offboarding Controls over Access Cards, Sensitive IT Assets, and Records Were Not Always Documented or Followed During 2016 and 2017 | Audit | Agency-Wide | View Report | |
| Federal Housing Finance Agency | FHFA’s Controls over Post-Employment Restrictions and Financial Disclosure Requirements for Offboarded Employees Were Followed During 2016 and 2017 | Audit | Agency-Wide | View Report | |
| Federal Housing Finance Agency | Summary of Administrative Inquiry: The Office Inspector General's Review of Alleged Badgering and Harassment of FHFA Employees that Play an Important Role in the Agency's Internal Control Framework | Other | Agency-Wide | View Report | |
| Department of Defense | Audit of Management of Government‑Owned Property Supporting the F‑35 Program | Audit | Agency-Wide | View Report | |
| Department of Labor | FY 2018 FISMA Information Security Report | Inspection / Evaluation | Agency-Wide | View Report | |
| Department of Commerce | USPTO Needs to Improve Management over the Implementation of the Trademark Next Generation System | Audit | Agency-Wide | View Report | |
