The independent public accounting firm of RMA Associates, LLC, under contract with the Office of Inspector General, audited EAC’s information security program for fiscal year 2024 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The objective was to determine whether EAC implemented an effective information security program.
Audit of the U.S. Election Assistance Commission's Compliance with the Federal Information Security Modernization Act for Fiscal Year 2024
Report Information
Status of Recommendations
We recommend that the Chief Information Security Officer identify qualitative and quantitative metrics on service level agreements held with third parties, then perform an analysis with monthly reporting received from those third parties to identify…
We recommend that the Chief Information Security Officer develop and implement procedures to leverage the Repository for Software Attestation and Artifacts to obtain sufficient assurance that the security and supply chain controls of systems or services…
We recommend that the Chief Information Security Officer provide annual Anti-Counterfeit Training for IT staff with SCRM responsibilities.
We recommend that the Election Assistance Commission's Chief Information Officer implement EL3 logging requirements in accordance with Office of Management and Budget memorandum M-21-31.
We recommend that the Election Assistance Commission's Chief Information Officer perform the breach table-top exercises annually which includes a data-exfiltration exercise.
We recommend that the Election Assistance Commission's Chief Information Officer establish and implement a formal Information Security Continuous Monitoring Strategy and an effective monitoring mechanism to track the progress of ongoing lessons…
We recommend that the Election Assistance Commission's Chief Information Officer identify and employ an automated notification mechanism to test its system level contingency plans thoroughly and effectively.