The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. The act also requires agencies to have an annual independent evaluation performed to determine the effectiveness of their programs and report the results of these reviews to the Office of Management and Budget (OMB). To meet this requirement, the Surface Transportation Board (STB) has requested that we perform its fiscal year 2019 FISMA review. We have contracted with Williams Adley & Company—DC LLP, an independent public accounting firm, to conduct this review subject to OIG oversight.
The audit objective will be to determine the effectiveness of STB’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover. We will also assess and report on the results of FISMA security metrics and performance measures through CyberScope, as required by OMB.