Sorry, you need to enable JavaScript to visit this website.
Skip to main content
Report File
Date Issued
Submitting OIG
Peace Corps OIG
Agencies Reviewed/Investigated
Peace Corps
Components
Agency-wide
Report Number
IG-26-01-SR
Report Description

The objective of this Federal Information Security Modernization Act of 2014 (FISMA) review was to determine the effectiveness of the Peace Corps’ information security program and practices based on the fiscal year (FY) 2025 Inspector General (IG) FISMA Reporting Metrics v2.0,1 which are categorized into 6 functional areas and 10 associated domains. The review also evaluated the Peace Corps’ efforts in addressing previously issued exceptions and recommendations.

Report Type
Other
Agency Wide
Yes
Number of Recommendations
5
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 5 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
2025-1 No $0 $0

OIG recommends that the Peace Corps develops and implements formal policies and procedures for establishing and maintaining its target cybersecurity profile(s). (Metric 1)

2025-2 No $0 $0

OIG recommends that the Peace Corps implements formal processes to ensure externally sourced products, systems, components, and services comply with its cybersecurity and supply chain risk management requirements, including integration into procurement and vendor management activities. (Metric 5)

2025-3 No $0 $0

OIG recommends that the Peace Corps develops and implements formal policies and procedures for maintaining a comprehensive inventory of data and corresponding metadata. (Metric 10)

2025-4 No $0 $0

OIG recommends that the Peace Corps allocates the necessary resources to ensure that baseline configurations and associated deviations are reviewed and updated at least annually. (Metric 14)

2025-5 No $0 $0

OIG recommends that the Peace Corps prioritize the procurement and implementation of a Data Loss Prevention solution to enhance its ability to detect and prevent unauthorized data exfiltration. (Metric 22)

Peace Corps OIG