FISCAL Year 2023 Federal Information Security Modernization Act Evaluation of AmeriCorps

September 29, 2023

OIG-EV-23-08

Inspection / Evaluation

The fiscal year 2023 FISMA evaluation concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2023. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) Inventory management, (2) vulnerability and patch management program, (3) unsupported software, (4) authorization packages, (5) incident response plan, (6) logging and (7) contingency planning. The failure to address critical deficiencies leaves AmeriCorps’ systems and data vulnerable to breach, which may expose sensitive information, including Personally Identifiable Information, unauthorized access, use, and disclosure. Implementing new and open recommendations will help AmeriCorps to mature its information security. AmeriCorps concurred with the 15 new recommendations in our report, which together with the 14 remaining prior year recommendations, will assist AmeriCorps in developing a mature and effective information security program. The full report contains a summary and evaluation of management’s response.

No

Yes

$0

$0