The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to implement information security programs. The act also requires agencies to conduct annual independent reviews to determine the effectiveness of their programs and report the reviews’ results to the Office of Management and Budget (OMB). We have contracted with an independent public accounting firm to conduct the review of the Department of Transportation’s (DOT) information security program, subject to our oversight.
The audit objective will be to determine the effectiveness of DOT’s information security program, including its performance in five function areas—Identify, Protect, Detect, Respond, and Recover. We will also submit an assessment of FISMA security metrics and performance measures through CyberScope, a web-based application that collects security data from Federal agencies, as OMB requires.