EAC Compliance with the Federal Information Security Modernization Act Fiscal Year 2020

Report Information

Date Issued
Report Number
I-PA-EAC-02-20
Report Type
Audit
Subject
IT
Description

EAC OIG, through the independent public accounting firm of Brown & Company, PLLC, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 (FISMA) and related information security policies, procedures, standards, and guidelines for fiscal year 2020.

Questioned Costs
$0
Funds for Better Use
$0

Status of Recommendations

Closed

EAC OIT should prepare an authorization package for its Microsoft Azure system that includes a security and privacy plan, security and privacy assessment report, plans of action and milestones, and an executive summary.

Closed

EAC OIT should ensure Data Owners sign user access recertifications.

Closed

EAC OIT should implement DMARC policy and HSTS security controls required by DHS Binding Operational Directive 18-01.

Closed

EAC OIT should reconcile its physical inventory to its inventory system report and update inventory records for separated employees to reflect the EAC operating environment accurately.

Closed

EAC OIT should prepare performance metrics that measure the effectiveness or efficiency of its information security program and security controls the EAC employs in support of its programs.