The U.S. Department of Education's Federal Information Security Modernization Act of 2014 Report for Fiscal Year 2021. ED-OIG/A21IT0023
- Authors: Office of Inspector General (ED)
- Language:
English
- Source:
Office of Inspector General, US Department of Education. 2021.
- Subject:
2021
- Record Type:
Reports - Research
- Additional Information
- Peer Reviewed:
N
- Source:
101
- Subject:
- Abstract:
The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus is on five Federal Student Aid (FSA) Systems and the Department's implementation of recommendations from previous reports. To answer this objective, the Department's performance was rated in accordance with FY 2021 Inspector General (IG) Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics. The metrics are grouped into five cybersecurity framework security functions (Identify, Protect, Detect, Respond, and Recover) that have a total of nine metric domains as outlined in the National Institute of Standards and Technology's (NIST) "Framework for Improving Critical Infrastructure Cybersecurity." Following the SolarWinds Supply Chain Attack in December 2020, the FY 2021 IG FISMA Reporting Metrics introduced Supply Chain Risk Management as a separate metric to prompt the agency preparations for these types of attacks. The Department made several improvements in implementing its cybersecurity posture. In FY21 the Department improved in three functional areas and three metric areas from Level 2 Defined to Level 3 Consistently Implemented. However, its overall IT security programs and practices were not effective in all the five security functions. The report shows findings in four of the nine metric domains, which included findings with the same or similar conditions identified in prior reports, as well as open findings from previous years where the corrective action plan was not completed. Sixteen recommendations in 4 of the 9 metric domains are provided to assist the Department with increasing the effectiveness of their information security programs.
[For the Fiscal Year 2020 report, see ED620653.]
- Abstract:
ERIC
- Subject:
2022
- Identifier Number:
ED620672