Review of the Peace Corps’ Information Security Program for FY 2024

View Report

Date Issued

Friday, October 11, 2024

Submitting OIG

Peace Corps OIG

Other Participating OIGs

Peace Corps OIG

Agencies Reviewed/Investigated

Peace Corps

Report Number

IG-25-01-SR

Report Description

The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIO)s, Chief Information Security Officers (CISO)s, senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.

Report Type

Review

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2024-1	No	$0	$0
OIG recommends that the Peace Corps develops and implements acybersecurity risk register to support the implementation of a fullyintegrated Risk Management and Information Security ContinuousMonitoring (ISCM) program (Metric 10).
2024-2	No	$0	$0
OIG recommends that the Peace Corps develops component authenticitypolicies and procedures (Metric 15).
2024-3	No	$0	$0
OIG recommends that the Peace Corps periodically evaluates, reviews,and updates its policies and procedures, as necessary, to align with anissued and approved ICAM strategy which includes assigning personnelrisk designations and performing appropriate screening prior to grantingaccess to its systems (Metric 28).
2024-4	No	$0	$0
OIG recommends that the Peace Corps conducts, captures, and shareslessons learned in its implementation of the incident response program(Metric 54 and 55).
2024-5	No	$0	$0
OIG recommends that the Peace Corps conducts agency-level BusinessImpact Assessments (BIA) and integrates the results into informationsecurity strategies and other plan development efforts (Metric 61).