FY24 FISMA Evaluation for the FCC

Title Full

FY 24 Federal Information Security
Modernization Act of 2014 (FISMA) Evaluation
for the Federal Communications Commission

Date Issued

Tuesday, January 7, 2025

Submitting OIG

Federal Communications Commission OIG

Agencies Reviewed/Investigated

Federal Communications Commission

Report Number

24-EVAL-05-01

Report Description

Kearney determined that the Commission’s FY 2024 information security program was not in compliance with FISMA legislation, OMB guidance, and applicable NIST special publications.

The FISMA evaluation report includes seven findings and offers 27 recommendations to improve the effectiveness of FCC’s information security program controls. Of the 27 recommendations issued, 21 are either repeats or updates from prior FISMA evaluations, and six address new deficiencies identified in FY 2024.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Additional Details

https://www.fcc.gov/inspector-general/reports-publications/audits

External Link

https://www.fcc.gov/inspector-general/reports-publications/audits

Open Recommendations

This report has 10 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
6	No	$0	$0
Risk Management
7	No	$0	$0
Risk Management
20	No	$0	$0
Identity Access Management
23	No	$0	$0
USAC - Access Controls
24	No	$0	$0
USAC - Access Controls
25	No	$0	$0
USAC - Access Controls
10	No	$0	$0
Supply Chain Risk Management
12	No	$0	$0
Configuration Management
13	No	$0	$0
Identity Access Management
22	No	$0	$0
USAC - Access Controls