U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Fiscal Year 2021 Federal Information Security Modernization Act Evaluation of AmeriCorps

Date Issued
Report Number
OIG-EV-22-03
Report Type
Inspection / Evaluation
Description
The information security program of AmeriCorps remains ineffective and has shown little progress since FY 2018. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: organization-wide risk management, IT asset inventory management, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management practices. AmeriCorps has not made significant progress in implementing prior FISMA recommendations. AmeriCorps has implemented only eight of the 39 open recommendations from the FY 2017- FY 2020 FISMA evaluations.. Implementing more of these recommendations will help AmeriCorps to mature its information security program and bring it closer to effectiveness. The failure to address critical deficiencies leaves AmeriCorps systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers 13 new recommendations, which together with the prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. AmeriCorps concurred with 12 of the 13 new recommendations and provided alternative actions to resolve the remaining recommendation.
Joint Report
No
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0
1

Open Recommendations

Significant Recommendation
On