oversight

Performance Audit of the National Science Foundation's Information Security Program for FY 2017

Published by the National Science Foundation, Office of Inspector General on 2017-11-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

AT A GLANCE
Performance Audit of the National Science Foundation’s
Information Security Program for FY 2017
Report No. OIG 18-2-004
November 30, 2017

 AUDIT OBJECTIVE
 The NSF Office of Inspector General (OIG) engaged Kearney & Company, P.C. (Kearney) to conduct
 a performance audit of NSF’s Information Security Program for FY 2017, as required by the Federal
 Information Security Modernization Act of 2014 (FISMA). The audit, which was conducted in
 accordance with the performance audit standards established by Generally Accepted Government
 Auditing Standards (GAGAS), included an assessment of the corrective actions taken by NSF in
 response to prior-year FISMA audits. Kearney is responsible for the attached auditor’s report and the
 conclusions expressed therein. NSF OIG does not express any opinion on the conclusions presented in
 Kearney’s audit report.

 AUDIT RESULTS
 Kearney found that NSF has an established Information Security Program and has implemented
 appropriate corrective actions in response to four of the five findings reported in the FY 2016 FISMA
 report; however, additional work is needed to address shortfalls in select information technology (IT)
 security controls. Kearney issued two new and one modified-repeat findings in the areas of
 configuration management, U.S. Antarctic Program (USAP) contingency planning, and USAP
 accreditation packages.

 RECOMMENDATIONS
 Kearney made five recommendations, which, if implemented, will improve NSF’s IT Security
 Program.

 AGENCY RESPONSE
 NSF generally agreed with the findings and recommendations, and plans to incorporate the results of
 the audit as it continues to make improvements in the IT Security Program. NSF’s response is
 included in its entirety at Appendix A.

 FOR FURTHER INFORMATION, CONTACT US AT (703) 292-7100 OR OIG@NSF.GOV.




NSF.GOV/OIG | OIG 18-2-004