Date Issued
Report Number
2020-ITA-032
Report Type
Audit
Component
Departmentwide
Description
The Federal Information Security Modernization Act (FISMA) requires Federal agencies to have an annual independent evaluation of their information security programs and practices. This evaluation is to be performed by the agency’s Office of Inspector General or by an independent external auditor to determine the effectiveness of such programs and practices. The U.S. Department of the Interior (DOI) contracted with KPMG, an independent public accounting firm, to complete a FISMA audit for fiscal year 2020.
KPMG reviewed information security practices, policies, and procedures at the DOI Office of the Chief Information Officer and 11 DOI bureaus and offices. The audit revealed that improvements were needed in the areas of risk management, configuration management, identity and access management, the data protection and privacy program, the security training program, and contingency planning. Based on these findings, KPMG made 32 recommendations intended to strengthen the DOI’s information security program as well as those of the bureaus and offices.
The DOI’s Office of the Chief Information Officer has concurred with all 32 recommendations and established a target completion date for each corrective action.
Joint Report
No
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0
Oversight Report File