Review of the Peace Corps’ Information Security Program for FY 2024

Report Information

Date Issued
Report Number
IG-25-01-SR
Report Type
Review
Description
The Federal Information Security Modernization Act of 2014 (FISMA) provides a comprehensive framework for establishing and ensuring the effectiveness of managerial, operational, and technical controls over information technology (IT) that supports Federal operations and assets and provides a mechanism for improved oversight of Federal agency information security programs. FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce IT security risks to an acceptable level. FISMA requires agency program officials, Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), senior agency officials for privacy, and inspectors general to conduct annual reviews of the agency’s information security program.
Participating OIG
Peace Corps OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

Disclaimer: Open/Closed recommendations are updated semiannually.

OIG recommends that the Peace Corps conducts agency-level Business Impact Assessments (BIA) and integrates the results into information security strategies and other plan development efforts (Metric 61).

OIG recommends that the Peace Corps conducts, captures, and shares lessons learned in its implementation of the incident response program (Metric 54 and 55).

OIG recommends that the Peace Corps periodically evaluates, reviews, and updates its policies and procedures, as necessary, to align with an issued and approved ICAM strategy which includes assigning personnel risk designations and performing appropriate screening prior to granting access to its systems (Metric 28).

OIG recommends that the Peace Corps develops component authenticity policies and procedures (Metric 15).

OIG recommends that the Peace Corps develops and implements a cybersecurity risk register to support the implementation of a fully integrated Risk Management and Information Security Continuous Monitoring (ISCM) program (Metric 10).