The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets, and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
2024-1 | No | $0 | $0 | ||
OIG recommends that the Peace Corps develops and implements a cybersecurity risk register to support the implementation of a fully integrated Risk Management and Information Security Continuous Monitoring (ISCM) program (Metric 10). | |||||
2024-2 | No | $0 | $0 | ||
OIG recommends that the Peace Corps develops component authenticity policies and procedures (Metric 15). | |||||
2024-3 | No | $0 | $0 | ||
OIG recommends that the Peace Corps periodically evaluates, reviews, and updates its policies and procedures, as necessary, to align with an issued and approved ICAM strategy which includes assigning personnel risk designations and performing appropriate screening prior to granting access to its systems (Metric 28). | |||||
2024-4 | No | $0 | $0 | ||
OIG recommends that the Peace Corps conducts, captures, and shares lessons learned in its implementation of the incident response program (Metric 54 and 55). | |||||
2024-5 | No | $0 | $0 | ||
OIG recommends that the Peace Corps conducts agency-level Business Impact Assessments (BIA) and integrates the results into information security strategies and other plan development efforts (Metric 61). | |||||