Audit Initiated of Fiscal Year 2023 STB FISMA Review
The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to implement information security programs. The act also requires agencies to conduct annual independent reviews to determine the effectiveness of their programs and report the reviews’ results to the Office of Management and Budget (OMB). To meet this requirement, the Surface Transportation Board (STB) has requested that we perform its fiscal year 2023 FISMA review. We have contracted with Williams Adley & Company—DC LLP (Williams Adley), an independent public accounting firm, to conduct this review subject to our oversight. The audit objective is to determine the effectiveness of STB’s information security program and practices. We will review a group of FISMA security metrics and performance measures selected by OMB and submit the results of our assessment through CyberScope to OMB as required.