OFFICE OF Audit Report INSPECTOR GENERAL OIG 2017 Evaluation of the Farm Credit Administration’s Compliance with the Federal Information Security Modernization Act A-17-05 Issued October 27, 2017 FARM CREDIT ADMINISTRATION OBJECTIVE: The objectives of this evaluation were to determine the effectiveness of the Farm Credit Administration’s (FCA or Agency) information security programs and practices and to provide the The Federal Information Security Modernization Act of 2014 (FISMA) OIG with the ability to report the requires Inspectors General or an independent external auditor, as results to the Office of determined by the Inspector General of the agency, to perform an Management and Budget (OMB) annual evaluation of their agency’s security program and practices. For and the U.S. Department of fiscal year 2017, FCA Office of Inspector General (OIG) contracted Homeland Security (DHS). with Brown & Company CPAs and Management Consultants, PLLC (Brown & Company) to conduct the independent evaluation of FCA’s BACKGROUND: compliance with the provisions of FISMA. FCA is an independent Federal agency responsible for FISMA requires agencies to develop, document, and implement an regulating, examining, and agency-wide information security program to provide information supervising the Farm Credit security for the information and information systems that support the System and the Federal operations and assets of the Agency, including those provided or Agricultural Mortgage managed by another agency, contractor, or other source. Corporation. The mission of the agency is to ensure a safe, Brown & Company concluded that FCA's information security sound, and dependable source program is generally compliant with the FISMA legislation and of credit and related services applicable OMB guidance. FCA continued to make positive strides in for agriculture and rural addressing information security weaknesses. Brown & Company America. found that FCA’s information security program was effective and provided reasonable assurance of adequate security. The FCA Board approved the However, Brown & Company identified for improvement three formulation of the Office of control weaknesses related to FCA security practices. The weaknesses Information Technology (OIT) in were in the areas of identity management, configuration May 2015. The OIT is management, and incident response. OIT agreed to take corrective responsible for all aspects of action on four recommendations related to these three weaknesses. technology, including IT infrastructure and applications Brown & Company’s report contains sensitive information about FCA development, maintenance and and potential vulnerabilities that could be used against the Agency; support, data collection, and IT therefore, the OIG is not releasing the full report publicly. security services. FARM CREDIT ADMINISTRATION OFFICE OF INSPECTOR GENERAL Report Fraud, Waste, Abuse, Mismanagement Phone: Toll Free (800) 437-7322; (703) 883-4316 Fax: (703) 883-4059 E-mail: firstname.lastname@example.org Mail: Farm Credit Administration Office of Inspector General 1501 Farm Credit Drive McLean, VA 22102-5090
2017 Federal Information Security Modernization Act (FISMA) Evaluation
Published by the Farm Credit Administration, Office of Inspector General on 2017-10-27.
Below is a raw (and likely hideous) rendition of the original report. (PDF)