The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. The act also requires agencies to conduct annual independent reviews to determine the effectiveness of their programs, and report the results of these reviews to the Office of Management and Budget (OMB). To meet this requirement, we have contracted with an independent public accounting firm to conduct the review of the Department of Transportation’s (DOT) information security program and practices subject to our oversight.
The audit objective will be to determine the effectiveness of DOT’s information security program in five function areas—Identify, Protect, Detect, Respond, and Recover. We will report on the review of FISMA security metrics and performance measures through CyberScope as required by OMB.