Fri. Oct 11th, 2024

Review of the Postal Regulatory Commission’s Compliance With the Federal Information Security Modernization Act of 2014 for Fiscal Year 2024

September 27, 2024 ,

READ FULL ARTICLE AT » Office of Inspector General OIG

Background

This report presents a review of the United States Postal Regulatory Commission’s (PRC) information security program and practices for fiscal year (FY) 2024. The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to develop, implement, and document agencywide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget.

What We DId

To meet the annual review requirement, we contracted with KPMG LLP (KPMG) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of the PRC’s information security program and practices in five framework function areas: Identify, Protect, Detect, Respond, and Recover.

What We Found

The PRC has opportunities to improve its information security program. Specifically, the PRC began to draft and implement policies, procedures, and processes to manage its information security program. However, KPMG determined that these initiatives were not completed. As a result, the Core Metrics and Supplemental Group 2 Metrics were rated an Ad-Hoc (Level 1) maturity level for the five framework functions. KPMG identified one finding (see Section III) pertaining to the functions and their respective nine metric domains.

Recommendations and Management’s Comments

KPMG made nine recommendations to address the issues identified in the report across the nine FISMA metric domains. The PRC agreed with all recommendations. KPMG considers management’s comments responsive to all recommendations, as corrective actions should resolve the issues identified in the report.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
Send this to a friend