AT A GLANCE

Performance Audit of the National Science Foundation’s Information Security Program for FY 2020
Report No. 21-2-002
November 20, 2020

AUDIT OBJECTIVE

The National Science Foundation Office of Inspector General engaged Kearney & Company, P.C. (Kearney) to conduct a performance audit of NSF’s Information Security Program for fiscal year (FY) 2020, as required by the Federal Information Security Modernization Act of 2014 (FISMA, Pub. L. No. 113-283). The audit, which was conducted in accordance with the performance audit standards established by Generally Accepted Government Auditing Standards (GAGAS), included an assessment of the corrective actions taken by NSF in response to the prior-year FISMA audit.

AUDIT RESULTS

Kearney found that NSF’s Information Security Program was effective for FY 2020 and that NSF complied with the five National Institute of Standards and Technology (NIST) domains as specified in the U.S. Department of Homeland Security’s FY 2020 Inspector General FISMA Reporting Metrics. Kearney also determined NSF has implemented corrective actions to fully or partially address the seven findings identified in the FY 2019 FISMA independent evaluation. Kearney is responsible for the Performance Audit and the conclusions expressed in the report. NSF OIG does not express any opinion on the conclusions presented in Kearney’s audit report.

RECOMMENDATIONS

The auditors included five new and three modified repeat findings in the report with associated recommendations for NSF to address weaknesses in information technology security controls.

AGENCY RESPONSE

NSF agreed with all of the findings in the report and plans to incorporate information gained and lessons learned from the review to continue making improvements in its information security program.

FOR FURTHER INFORMATION, CONTACT US AT OIGPUBLICAFFAIRS@NSF.GOV.
Performance Audit of NSF's Information Security Program for FY 2020
Published by the National Science Foundation, Office of Inspector General on 2020-11-20.