Audit of the U.S. Election Assistance Commission's Compliance with the Federal Information Security Modernization Act for Fiscal Year 2025

Develop and implement a contingency plan to address potential future staffing challenges that may arise, to mitigate delays in implementing necessary improvements across the applicable FISMA domains.

Establish and execute a monitoring plan to make sure that all information technology policies and procedures, including referenced standards and guidance, are reviewed and updated in accordance with the timeliness requirements defined by EAC policy.

Implement a continuous monitoring governance, risk, and compliance tool that enables the integration of cybersecurity risk management into the enterprise risk management reporting tool. Capture lessons learned to make any necessary adjustments to the…

Implement a process to detect and prevent the use of untrusted removable media on the EAC’s network.

Fully document and implement a process that includes a clear business reason for risk acceptance in the event that untrusted removable media must be introduced on the EAC’s network.

Develop compensating controls to reduce the risk that vulnerabilities can be exploited that are caused by the use of untrusted removable media on the EAC’s network.

Schedule and complete annual contingency planning tests. Retain supporting documentation to demonstrate compliance during audits.