U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Fiscal Year 2022 Federal Information Security Modernization Act (FISMA) Evaluation of AmeriCorps

Date Issued
Report Number
Report Type
Inspection / Evaluation
The fiscal year 2022 FISMA evaluation concluded that AmeriCorps’ information security program remains ineffective. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) mobile devices, (2) IT asset inventory management, (3) vulnerability and patch management program, (4) Personal Identity Verification (PIV) multifactor authentication, (5) performance measures, (6) security assessments and (7) contingency planning. AmeriCorps has not made significant progress in implementing prior FISMA recommendations: it has implemented only 12 of the 42 open recommendations from the FY 2017- FY 2021 FISMA evaluations. The failure to address critical deficiencies leaves AmeriCorps systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use, and disclosure. Implementing more of these recommendations will help AmeriCorps to mature its information security program and bring it closer to effectiveness. AmeriCorps concurred with the three new recommendations in our report, which together with the 30 remaining prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. The full report contains a summary and evaluation of management’s response.
Joint Report
Agency Wide
Questioned Costs
Funds for Better Use

Open Recommendations

No recommendations at this time.