EAC OIG, through the independent public accounting firm of Brown & Company, PLLC, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 (FISMA) and related information security policies, procedures, standards, and guidelines for fiscal year 2020.
EAC Compliance with the Federal Information Security Modernization Act Fiscal Year 2020
Status of Recommendations
EAC OIT should prepare an authorization package for its Microsoft Azure system that includes a security and privacy plan, security and privacy assessment report, plans of action and milestones, and an executive summary.
EAC OIT should ensure Data Owners sign user access recertifications.
EAC OIT should implement DMARC policy and HSTS security controls required by DHS Binding Operational Directive 18-01.
EAC OIT should reconcile its physical inventory to its inventory system report and update inventory records for separated employees to reflect the EAC operating environment accurately.
EAC OIT should prepare performance metrics that measure the effectiveness or efficiency of its information security program and security controls the EAC employs in support of its programs.