EAC OIG, through the independent public accounting firm of Brown & Company, PLLC, audited EAC's compliance with the Federal Information Security Modernization Act of 2014 (FISMA) and related information security policies, procedures, standards, and guidelines for fiscal year 2021.
EAC's FY 2021 FISMA Final Audit Report
Report Information
Status of Recommendations
We recommend EAC OIT perform Security Content Automation Protocol (SCAP) scanning of all systems on the network to identify both code-based and configuration-based vulnerabilities, as required by Office of Management and Budget (...
We recommend EAC OIT ensure its Windows 10 devices comply with the Center for Internet Security (CIS) security benchmarks, as required by its system security plan.
We recommend EAC OIT implement software patches in its information systems in a timely manner and process patches through its change control process as required by its system security plan.
We recommend EAC develop and implement a supply chain risk management strategy that aligns with NIST guidance, as required by OMB.
We recommend EAC develop and implement an anti-counterfeit policy and procedures for detecting counterfeit components and preventing them from entering its information systems.
We recommend EAC provide training for the OIT staff to detect counterfeit system components (including hardware, software, and firmware).
We recommend EAC OIT update its plan of action and milestones (POA&M) workbook to include all known weaknesses, with the level of detail required by OMB.