Board Report: 2024-IT-B-020 October 31, 2024
Each year, we audit the Board's information security program as required by the Federal Information Security Modernization Act.
The Board's information security program remains effective as a whole. The agency has strengthened some areas, such as personnel security processes. However, several areas have decreased in maturity, including supply chain risk management and data loss prevention. Further, 14 recommendations we made in our prior years' FISMA audits remain open.
This report includes 9 new recommendations to strengthen the Board's information security program. To maintain an effective information security program, the Board needs to make sufficient progress to address these and our previous recommendations.