Fiscal Year 2022 Evaluation of the U.S. AbilityOne Commission’s Compliance with the Federal Information Security Modernization Act (FISMA)

View Report

Date Issued

Tuesday, December 6, 2022

Submitting OIG

U.S. AbilityOne Commission OIG

Other Participating OIGs

U.S. AbilityOne Commission OIG

Agencies Reviewed/Investigated

Committee for Purchase From People Who Are Blind or Severely Disabled (AbilityOne Program)

Report Number

2022-12-06

Report Description

The objective of the evaluation was to assess the compliance of the Commission’s information security policies, procedures and standards and guidelines with the Federal Information Security Modernization Act (FISMA).

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use	Additional Details
01	No	$0	$0	CIO-2022-01
The Commission IT staff evaluate the Supply Chain policy against the requirements of NIST 800-53 Rev. 5 to ensure compliance for each of the individual controls.
04	No	$0	$0	CIO-2022-04
Ensure that a BIA is prepared, completed and approved. After the initial BIA is put in place, it should be updated whenever significant updates to the GSS are implemented.