Review of the Peace Corps' Information Security Program for FY 2022

Date Issued

Friday, September 30, 2022

Submitting OIG

Peace Corps OIG

Other Participating OIGs

Peace Corps OIG

Agencies Reviewed/Investigated

Peace Corps

Components

Agency-wide

Report Type

Review

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	Yes	$0	$0
that the Director develop a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.
2	Yes	$0	$0
OIG recommended that the Director appoint the chief information security officer to serve on the Enterprise Risk Management Council as a voting member
3	Yes	$0	$0
OIG recommended that that the Director further define and implement the Enterprise Risk Management program to ensure information security risks are communicated and monitored at the system, business process, and entity levels.
4	Yes	$0	$0
OIG recommended that the Chief Information Officer perform a full security assessment of the General Support System to obtain a complete understanding of system weaknesses
5	Yes	$0	$0
OIG recommended that the Peace Corps consistently improve and implement its inventory management process to ensure information system, hardware, and software inventories are accurate, complete, and up-to-date.