Final Report - Evaluation of the Commission's FY 2025 FISMA - OA-2025-04

View Report

Date Issued

Friday, January 30, 2026

Submitting OIG

U.S. AbilityOne Commission OIG

Agencies Reviewed/Investigated

Committee for Purchase From People Who Are Blind or Severely Disabled (AbilityOne Program)

Report Number

OA-2025-04

Report Description

The Office of Inspector General engaged the independent public accounting firm Harper, Rains, Knight, & Company, P.A. (HRK) to conduct the annual Federal Information Security Modernization Act (FISMA) evaluation and complete the FY 2025 Inspector General (IG) FISMA Reporting Metrics.

The objective of the evaluation was to assess the effectiveness of the Commission's information security program and practices for FY 2025. HRK determined the Commission’s maturity levels were consistently implemented and its information security program and practices were effective.

HRK identified one new finding with three corresponding recommendations.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
01	No	$0	$0
Review the installed applications on all issued laptops/desktops/endpoints to ensure no unauthorized software is present and take appropriate action if unauthorized software is present.
02	No	$0	$0
Review the Commission’s "user" setting population to ensure each "user" is properly configured in compliance with Commission's approved Group Policy Objectives (GPO). Make the appropriate corrections to user configurations, as appropriate.
03	No	$0	$0
Review and update Active Directory settings and Microsoft Defender and Intune policies to ensure unauthorized software cannot be installed.