Audit Initiated of STB’s Information Security Program and Practices for Fiscal Year 2024
The Federal Information Security Modernization Act of 2014 (FISMA) requires Federal agencies to implement information security programs. The act also requires agencies to conduct annual independent reviews to determine the effectiveness of their programs and report the reviews’ results to the Office of Management and Budget (OMB). To meet this requirement, the Surface Transportation Board (STB) has requested that we perform its fiscal year 2024 FISMA review. We have contracted with Williams Adley & Company DC LLP, an independent public accounting firm, to conduct this review subject to our oversight. The audit objective will be to determine the effectiveness of STB’s information security program and practices. We will review a group of FISMA security metrics and performance measures selected by OMB and submit the results of our assessment through CyberScope to OMB as required.