EAC OIG, through the independent public accounting firm of Brown & Company CPAs and Management Consultants, PLLC, audited EAC’s information security program for fiscal year 2022 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The objective was to determine whether EAC implemented selected security controls for certain information systems in support of FISMA.
Audit of the U.S. Election Assistance Commission's Compliance with the Federal Information Security Modernization Act for Fiscal Year 2022
Status of Recommendations
We recommend EAC OCIO remediate vulnerabilities in the network identified, according to the agency’s policy, and document the results or document acceptance of the risks of those vulnerabilities.
We recommend EAC OCIO develop and implement a flaw remediation plan for vulnerabilities that cannot be remediated within the policy-recommended timeframes.
We recommend EAC OCIO develop a process for tracking software license usage.
We recommend EAC OCIO perform annual contingency plan testing.
We recommend EAC OCIO provide contingency training to information system users consistent with assigned roles and responsibilities.