2017 Federal Information Security Modernization Act (FISMA) Evaluation

Published by the Farm Credit Administration, Office of Inspector General on 2017-10-27.

Audit Report

OIG 2017 Evaluation of the Farm Credit Administration’s Compliance with the Federal Information Security Modernization Act

Issued October 27, 2017


The objectives of this evaluation were to determine the effectiveness of the Farm Credit Administration’s (FCA or Agency) information security programs and practices and to provide the OIG with the ability to report the results to the Office of Management and Budget (OMB) and the U.S. Department of Homeland Security (DHS).

The Federal Information Security Modernization Act of 2014 (FISMA) requires Inspectors General or an independent external auditor, as determined by the Inspector General of the agency, to perform an annual evaluation of their agency’s security program and practices. For fiscal year 2017, FCA Office of Inspector General (OIG) contracted with Brown & Company CPAs and Management Consultants, PLLC (Brown & Company) to conduct the independent evaluation of FCA’s compliance with the provisions of FISMA.

FISMA requires agencies to develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the Agency, including those provided or managed by another agency, contractor, or other source.

Brown & Company concluded that FCA's information security program is generally compliant with the FISMA legislation and applicable OMB guidance. FCA continued to make positive strides in addressing information security weaknesses. Brown & Company found that FCA’s information security program was effective and provided reasonable assurance of adequate security.

However, Brown & Company identified for improvement three control weaknesses related to FCA security practices. The weaknesses were in the areas of identity management, configuration management, and incident response. OIT agreed to take corrective action on four recommendations related to these three weaknesses.

Brown & Company’s report contains sensitive information about FCA and potential vulnerabilities that could be used against the Agency; therefore, the OIG is not releasing the full report publicly.

BACKGROUND:

FCA is an independent Federal agency responsible for regulating, examining, and supervising the Farm Credit System and the Federal Agricultural Mortgage Corporation. The mission of the agency is to ensure a safe, sound, and dependable source of credit and related services for agriculture and rural America.

The FCA Board approved the formulation of the Office of Information Technology (OIT) in May 2015. The OIT is responsible for all aspects of technology, including IT infrastructure and applications development, maintenance and support, data collection, and IT security services.


Report Fraud, Waste, Abuse, Mismanagement

Phone: Toll Free (800) 437-7322; (703) 883-4316

Fax: (703) 883-4059

E-mail: fca-ig-hotline@rcn.com

Mail: Farm Credit Administration
Office of Inspector General
1501 Farm Credit Drive
McLean, VA 22102-5090