Report File
Title Full: Fiscal Year 2024 Independent Evaluation of the SEC’s Implementation of the FISMA of 2014, Report No. 584
Date Issued:
Submitting OIG: Securities and Exchange Commission OIG
Agencies Reviewed/Investigated: Securities and Exchange Commission
Report Number: 584
Report Description: Fiscal Year 2024 Independent Evaluation of the SEC’s Implementation of the FISMA of 2014, Report No. 584
Report Type: Inspection / Evaluation
Agency Wide: Yes
Number of Recommendations: 10
Questioned Costs: $0
Funds for Better Use: $0
Report updated under NDAA 5274: No

Open Recommendations

This report has 9 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details

1 | Yes | $0 | $0
Complete efforts to document and implement an enterprise-wide risk management strategy that incorporates the review and approval processes set forth in agency policy.

3 | Yes | $0 | $0
[REDACTED]

4 | Yes | $0 | $0
[REDACTED]

5 | Yes | $0 | $0
[REDACTED]

6 | Yes | $0 | $0
Develop a plan to address the findings of the cybersecurity competency study.

7 | Yes | $0 | $0
Develop and implement a mechanism to enforce recurring privileged user training for applicable personnel.

8 | Yes | $0 | $0
Identify a list of SEC teams that operate in capacities relevant to the agency’s incident response capability and provide those teams with training to ensure that they correctly report potential incidents in a timely manner.

9 | Yes | $0 | $0
Update its business impact analysis template to ensure that the SEC assesses all systems using a correct and comprehensive set of mission-essential functions.

10 | Yes | $0 | $0
Incorporate assessments of system recovery time objectives into future disaster recovery exercises.
