Public Report on the Federal Communications Commission’s Fiscal Year 2022 Federal Information Security Management Act Evaluation

View Report

Date Issued

Monday, March 13, 2023

Submitting OIG

Federal Communications Commission OIG

Other Participating OIGs

Federal Communications Commission OIG

Agencies Reviewed/Investigated

Federal Communications Commission

Report Number

22-EVAL-06-01

Report Description

This audit report found that the FCC security programs were ineffective in seven of the nine metric domains. The contractor’s assessment of the overall maturity of each metric domain remained relatively consistent with the prior year. The Supply Chain Risk Management domain is the one metric domain that improved from the prior year. The FISMA evaluation report included eight findings with 21 recommendations intended to 2 improve the effectiveness of the FCC’s information security program controls. FCC management concurred with the findings.

Report Type

Inspection / Evaluation

Location

Washington, DC
United States

Number of Recommendations

Questioned Costs

Funds for Better Use

Additional Details

https://www.fcc.gov/inspector-general/reports/audit

External Entity

N/A

External Link

https://www.fcc.gov/sites/default/files/22-eval-06-01_fisma_tm_03132023.pdf

Open Recommendations

This report has 8 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Risk Management
2	No	$0	$0
Risk Management
5	No	$0	$0
Supply Chain Risk Management
12	No	$0	$0
Identity Access Management
13	No	$0	$0
Identity Access Management
14	No	$0	$0
Identity and Access Management
17	No	$0	$0
Configuration Management
18	No	$0	$0
Configuration Management