Audit of the Inter-American Foundation's Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014
Sign inINSPECTOR GENERAL’S OFFICE
The Inter-American Foundation's (IAF) information security program is designed to protect its information and information systems, including those provided or managed by another agency, contractor, or other source.
2014 · 3 pages

Abstract
The Federal Information Security Management Act of 2002 (FISMA) requires agencies to develop, document, and implement an agency-wide information security program. IAF's program is intended to ensure the confidentiality, integrity, and availability of its information systems. The audit was conducted by CliftonLarsonAllen LLP, an independent certified public accounting firm, in accordance with U.S. Government auditing standards. The audit objective was to determine whether IAF implemented selected minimum security controls for selected information systems in support of FISMA. Clifton assessed whether IAF implemented selected management, technical, and operational controls outlined in National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Revision 3. The audit fieldwork was performed at IAF's headquarters in Washington, D.C., from March 25 through July 14, 2014. The audit concluded that IAF implemented 77 of 85 tested security controls in support of FISMA. IAF established adequate information technology security policies and procedures related to access controls, awareness and training, audit and accountability, security assessment and authorization, and personnel security. The foundation also implemented effective account management procedures and maintained adequate control over physical access to facilities and the computer room. IAF established adequate processing procedures for bringing on new employees and for employees leaving the organization. The audit identified areas for improvement, and based on Clifton's report, the Office of Inspector General made five recommendations to help IAF strengthen its information security program. IAF acknowledged management decisions on each of those recommendations. The recommendations are intended to enhance IAF's information security program and ensure the confidentiality, integrity, and availability of its information systems. The audit's findings and recommendations are intended to support IAF's ongoing efforts to strengthen its information security program. The implementation of the recommended controls will help to ensure the security and integrity of IAF's information systems, which are critical to the foundation's operations and mission. The recommendations are designed to enhance IAF's information security program and ensure compliance with FISMA requirements.
Classification

USAID DEC