Date Issued
Report Number
2016-ITA-062
Report Type
Audit
External Entity
Departmentwide
Description
The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to have an annual independent evaluation of their information security programs and practices performed by their Office of Inspector General (OIG) or by an independent external auditor, as determined by their OIG. KPMG LLP, an independent public accounting firm, performed the U.S. Department of Interior’s (DOI) FISMA evaluation for fiscal year (FY) 2016 under a contract issued by DOI and monitored by OIG.
For FY 2016, KPMG adopted a risk-based approach and reviewed a sample of 13 Department and contractor information systems at 12 bureaus and offices. KPMG concluded that DOI has established security programs for contractor systems, configuration management, identity and access management, information security continuous monitoring, incident response and contingency planning. However, KPMG identified needed improvements in most areas audited.
KPMG made 21 recommendations intended to strengthen the respective bureaus and offices, as well as the Department’s information security program.
Joint Report
No
Agency Wide
Yes
Local File
Oversight Report File