Audit of the Millennium Challenge Corporation's Fiscal Year 2014 Compliance with the Federal Information Security Management Act of 2002
Sign inINSPECTOR GENERAL’S OFFICE
The Millennium Challenge Corporation's Fiscal Year 2014 Compliance with the Federal Information Security Management Act of 2002 was audited by the Office of Inspector General.
2014 · 3 pages

Abstract
The audit was conducted in accordance with U.S. Government auditing standards by the independent certified public accounting firm of CliftonLarsonAllen LLP. The objective of the audit was to determine whether the Millennium Challenge Corporation implemented selected minimum security controls for selected information systems in support of FISMA. The audit assessed whether the Millennium Challenge Corporation implemented selected management, technical, and operational controls outlined in National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Revision 3. The audit fieldwork was performed at the Millennium Challenge Corporation's headquarters in Washington, D.C., from March 12 through June 27, 2014. The audit concluded that the Millennium Challenge Corporation implemented 104 of 116 selected security controls for selected information systems in support of FISMA. The audit identified areas where the Millennium Challenge Corporation's implementation of its information security policies was not fully effective to preserve the confidentiality, integrity, and availability of the Agency's information and information systems. The audit found that the Millennium Challenge Corporation's policies were not fully effective to prevent unauthorized access, use, disclosure, disruption, modification, and destruction of the Agency's information and information systems. The audit identified seven areas where the Millennium Challenge Corporation could improve its information security program. The audit made seven recommendations to help the Millennium Challenge Corporation strengthen its information security program. The recommendations included implementing additional security controls, improving incident handling and response, and enhancing employee training. The audit acknowledged management decisions on all recommendations and final action on Recommendation 7. The audit's findings and recommendations were based on the assessment of the Millennium Challenge Corporation's implementation of selected management, technical, and operational controls outlined in National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Revision 3. The audit's results showed that the Millennium Challenge Corporation had made progress in implementing its information security program, but there were still areas for improvement. The audit's recommendations were intended to help the Millennium Challenge Corporation strengthen its information security program and ensure the confidentiality, integrity, and availability of its information and information systems. The audit's findings and recommendations were based on the assessment of the Millennium Challenge Corporation's implementation of selected management, technical, and operational controls outlined in National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Revision 3.
Connected topics
Classification
USAID DEC