Audit of the U.S. Election Assistance Commission's Compliance with the Federal Information Security Modernization Act for Fiscal Year 2024

Report Information

Date Issued:
Report Number: P24HQ0052-24-15
Report Type: Audit
Subject: IT

Description

The independent public accounting firm of RMA Associates, LLC, under contract with the Office of Inspector General, audited EAC’s information security program for fiscal year 2024 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The objective was to determine whether EAC implemented an effective information security program.

Participating OIG: Election Assistance Commission OIG
Questioned Costs: $0
Funds for Better Use: $0

Status of Recommendations

Open

We recommend that the Chief Information Security Officer identify qualitative and quantitative metrics on service level agreements held with third parties, then perform an analysis with monthly reporting received from those third parties to identify…

Open

We recommend that the Chief Information Security Officer develop and implement procedures to leverage the Repository for Software Attestation and Artifacts to obtain sufficient assurance that the security and supply chain controls of systems or services…

Open

We recommend that the Chief Information Security Officer provide annual Anti-Counterfeit Training for IT staff with SCRM responsibilities.

Open

We recommend that the Election Assistance Commission's Chief Information Officer implement EL3 logging requirements in accordance with Office of Management and Budget memorandum M-21-31.

Closed

We recommend that the Election Assistance Commission's Chief Information Officer perform the breach table-top exercises annually which includes a data-exfiltration exercise.

Open

We recommend that the Election Assistance Commission's Chief Information Officer establish and implement a formal Information Security Continuous Monitoring Strategy and an effective monitoring mechanism to track the progress of ongoing lessons…

Open

We recommend that the Election Assistance Commission's Chief Information Officer identify and employ an automated notification mechanism to test its system level contingency plans thoroughly and effectively.