CNCS has devoted significant resources to improving cybersecurity over the past few years, with meaningful progress. Although its information security program is not yet sufficiently mature, it can reach effectiveness with continued effort and investment.Achieving effectiveness will require attention to weaknesses that pose significant risks to information security. Our 2017 evaluation found inadequacies in risk management, configuration management, identity and access management, information security continuous monitoring, and contingency planning. Enforcement of information security is inconsistent across the enterprise, with field components remaining especially vulnerable. These continuing vulnerabilities leave CNCS operations and assets at risk of unauthorized access, misuse and disruption. Our report offers 34 recommendations to address the identified weaknesses and assist CNCS in strengthening its information security program. Eight of the recommendations relate to prior findings that have not been completely addressed by CNCS.
Report File
Date Issued
Submitting OIG
AmeriCorps, Office of Inspector General
Other Participating OIGs
AmeriCorps, Office of Inspector General
Agencies Reviewed/Investigated
AmeriCorps
Report Number
18-03
Report Description
Report Type
Inspection / Evaluation
Agency Wide
Yes
Number of Recommendations
34
Questioned Costs
$0
Funds for Better Use
$0
Open Recommendations
This report has 1 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
25 | No | $0 | $0 | ||
Ensure the CNCS GSS Information System Owner establishes and enforces the policy for mobile devices that do not connect to the CNCS GSS to include usage restrictions, configuration and connection requirements, and implementation guidance. (New); |