U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Review of the Peace Corps' Information Security Program for FY 2023

Report Information

Date Issued
Report Type
The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIO)s, Chief Information Security Officers (CISO)s, senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.
Agency Wide
Yes (agency-wide)
Questioned Costs
Funds for Better Use


Disclaimer: Open/Closed recommendations are updated semiannually.

The Peace Corps develops a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.

The Peace Corps include the CISO at the ERM Council meetings to provide insights on cybersecurity risks.

The Peace Corps further define and implement the ERM program to ensure information security risks are communicated and monitored at the system, business process, and entity levels.

The Peace Corps improve its incident response process to ensure incidents are properly defined, promptly identified, and effectively remediated.

The Peace Corps consistently improve and implement its inventory management process to ensure information system, hardware, and software inventories are accurate, complete, and up to date.