The U.S. Department of Education's Federal Information Security Modernization Act of 2014 Report for Fiscal Year 2021. ED-OIG/A21IT0023

Institution	Office of Inspector General (ED)
Titel	The U.S. Department of Education's Federal Information Security Modernization Act of 2014 Report for Fiscal Year 2021. ED-OIG/A21IT0023
Quelle	(2021), (101 Seiten) PDF als Volltext kostenfreie Datei Verfügbarkeit
Sprache	englisch
Dokumenttyp	gedruckt; online; Monographie
Schlagwörter	Public Agencies; Federal Legislation; Educational Legislation; Information Security; Information Technology; Information Systems; Federal Aid; Student Financial Aid; Computer Security; Program Effectiveness; Objectives; Program Evaluation; Risk Management; Privacy; Training; Prevention; Audits (Verification); Emergency Programs + Suchen Sie Ihr Suchwort? Öffentliche Einrichtung; Bundesrecht; Bildungsrecht; Schulgesetz; Informationstechnologie; Finanzielle Beihilfe; Studienfinanzierung; Studienförderung; Computervirus; Computersicherheit; Goal definition; Zielsetzung; Programme evaluation; Programmevaluation; Risikomanagement; Privatsphäre; Ausbildung; Prävention; Vorbeugung; Hilfsprogramm
Abstract	The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus is on five Federal Student Aid (FSA) Systems and the Department's implementation of recommendations from previous reports. To answer this objective, the the Department's performance was rated in accordance with FY 2021 Inspector General (IG) Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics. he metrics are grouped into five cybersecurity framework security functions (Identify, Protect, Detect, Respond, and Recover) that have a total of nine metric domains as outlined in the National Institute of Standards and Technology's (NIST) "Framework for Improving Critical Infrastructure Cybersecurity." Following the SolarWinds Supply Chain Attack in December 2020, the FY 2021 IG FISMA Reporting Metrics introduced Supply Chain Risk Management as a separate metric to prompt the agency preparations for these types of attacks. The Department made several improvements in implementing its cybersecurity posture. In FY21 the Department improved in three functional areas and three metric areas from Level 2 Defined to Level 3 Consistently Implemented. However, its overall IT security programs and practices were not effective in all the five security functions. The report shows findings in four of the nine metric domains, which included findings with the same or similar conditions identified in prior reports, as well as open findings from previous years where the corrective action plan was not completed. Sixteen recommendations in 4 of the 9 metric domains are provided to assist the Department with increasing the effectiveness of their information security programs. [For the Fiscal Year 2020 report, see ED620653.] (ERIC).
Anmerkungen	Office of Inspector General, US Department of Education. Available from: ED Pubs. P.O. Box 1398, Jessup, MD 20794-1398. Tel: 877-433-7827; e-mail: edpubs@edpubs.ed.gov; Web site: https://www2.ed.gov/about/offices/list/oig/managementchallenges.html
Erfasst von	ERIC (Education Resources Information Center), Washington, DC
Update	2024/1/01