Federal Reports

The objective of this review was to perform an independent assessment of the Peace Corps’ information security program, including testing the effectiveness of security controls for a subset of systems as required, for FY 2018. Our results demonstrate that the Peace Corps lacks an effective information security program. We found problems relating to people, processes, and technology. Furthermore, OIG found weaknesses across all the FISMA reportable areas. To ensure the agency’s information, operations, and assets are protected, it is critical that the Peace Corps achieve full compliance with FISMA and other Federal laws and regulations that apply to managing its IT security infrastructure.

This evaluation focused on the appropriateness of programming, training, and evaluation; the adequacy of Volunteer support; and the effectiveness of post leadership and management. This report contains 24 recommendations, which, if implemented, should strengthen post operations and correct the deficiencies detailed in the report.

The Office of Inspector General for the National Credit Union Administration (NCUA) engaged CliftonLarsonAllen LLP (CLA) to independently evaluate the NCUA's information security and privacy management programs and controls for compliance with the Federal Info1mation Security Modernization Act of 2014 and federal regulations and standards.CLA evaluated the NCUA's information security and privacy management programs through interviews, documentation reviews, technical configuration reviews, and sample testing. This year, CLA also conducted a vulnerability assessment of NCUA's network.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.