Audit of U.S. Election Assistance Commission's Compliance with Section 522 of the 2005 Consolidated Appropriations Act

Report Information

Date Issued
Report Number
I-PA-EAC-02-08
Report Type
Audit
Subject
EAC Operations
Description

EAC OIG, through the independent public accounting firm of Clifton Gunderson LLP, conducted this audit to determine whether (1) the necessity of using personally identifiable information for processing was properly evaluated; (2) the EAC had established adequate procedures governing the collection, use and security of personally identifiable information; and (3) EAC had properly complied with the prescribed procedures to prevent unauthorized access to and the unintended use of personally identifiable information.

Participating OIG
Election Assistance Commission OIG
Questioned Costs
$0
Funds for Better Use
$0

Status of Recommendations

Closed

Designate a Chief Privacy Officer or formally appoint an individual with the responsibility of monitoring and enforcing privacy related policies and procedures. Privacy responsibilities should be added to the position description (PD) of this assigned…

Closed

Develop an understanding of which EAC systems are covered by GSA's FISMA review rotation plan. Consequently, EAC should request from the service provider their systems review rotation schedule and note which systems are covered in each year's…

Closed

Develop and implement formal policies that address the information protection needs associated with PII to include: a) references to applicable information technology security policies and procedures b) EAC specific procedures for responding to breaches of…

Closed

Complete the encryption of BlackBerry devices and laptops with Credent Encryption software as well as implement two-factor authentication.

Closed

Develop and maintain a plan of actions and milestones (POA&M) to address weaknesses identified in developing and implementing protections of PII.

Closed

Conduct a risk assessment which addresses the risks associated with the download, remote access, or other removal of PII from each system containing PII.