Fiscal Year 2024 Federal Information Security Modernization Act (FISMA) Audit

Date Issued
Report Number
OIG-AR-24-03
Report Type
Audit
Description
Pursuant to the Federal Information Security Modernization Act of 2014 (FISMA), an independent external auditor, on behalf of OIG, conducted an annual independent audit of AmeriCorps’ information security program and practices. The fiscal year (FY) 2024 FISMA audit concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2024. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) inventory management, (2) supply chain risk management program, (3) vulnerability and patch management program, (4) personnel screening process, (5) authorization packages, (6) logging, and (7) contingency planning. AmeriCorps did not specify the findings and recommendations with which it was in agreement or disagreement. AmeriCorps’ response is included in its entirety in Appendix IV of the audit report. The recommendations related to the seven findings will remain open until corrective actions have been fully implemented.
Joint Report
No
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

Enforce the requirement for the Tier 2 lead to perform the monthly audit of the inventory report. (New)

Develop, document, and communicate Supply Chain Risk Management procedures to address all FISMA Supply Chain Risk Management requirements. (Modified Repeat)

Develop and implement a written oversight process to ensure that Contracting Officer’s Representatives regularly provide the Office of Human Capital with names of contractors who require background investigations and that the Office of Information Technology confirms those background investigations are complete before contractors receive system access. (New)

Complete the Authorization To Use package that covers the Administrative Resource Center Financial System. (Modified Repeat)

Perform a gap analysis by reconciling all Security Information and Event Management solutions that are capturing logs. (New)