Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2017-IT-B-018 October 31, 2017

2017 Audit of the Board's Information Security Program

available formats

The Federal Information Security Modernization Act of 2014 requires us to review the Board's information security program every year. We did so according to U.S. Department of Homeland Security guidelines, which involves evaluating the program's maturity level (from a low of 1 to a high of 5) across several areas.

The Board's information security program is operating at level 3 (consistently implemented), with the agency performing several activities indicative of a higher maturity level. However, the agency can mature its information security program to ensure that it is effective, or operating at level 4 (managed and measurable).

We are making recommendations to strengthen the Board's information security program in the areas of risk management, configuration management, identity and access management, information security continuous monitoring, and contingency planning.