This audit report concluded that the FCC’s information security program was ineffective and not in compliance with FISMA legislation, OMB guidance, and applicable NIST Special Publications as of August 2020. Specifically, the FISMA evaluation report includes 8 findings and offers 17 recommendations intended to improve the effectiveness of the FCC’s information security program controls. The FCC has made improvements to processes within its information security program since the Fiscal Year 2019 FISMA evaluation in the areas of Identity and Access Management (i.e., separation of duties analysis, reviewing access for privileged users, and user authorization), Data Protection and Privacy (i.e., testing the FCC’s Data Breach Response Plan ), and Incident Response (i.e., documentation of incidents).
Washington, DC
United States
