BETHESDA – Today the U.S. Consumer Product Safety Commission (CPSC) Office of Inspector General (OIG) issued a report on the results of the Fiscal Year (FY) 2020 Federal Information Security Modernization Act (FISMA) review. The OIG retained the services of Williams, Adley, & Co.-DC LLP (Williams Adley), an independent accounting firm, to complete this review.
Overall, the OIG found that while the CPSC has made progress in implementing FISMA requirements, work remains to be done. This year Williams Adley took an approach new to the CPSC in categorizing its 47 recommendations, many of which had been reported previously and were not implemented. Williams Adley identified two recommendations that address the root causes of many of the FISMA requirements. The OIG anticipates this new approach will help the agency address the deficiencies in its systems more effectively and in a timely manner.
The first of these root cause recommendations is to develop and implement a formal strategy to address information security risk management requirements as prescribed by the National Institute of Standards and Technology guidance. Once this is complete, CPSC management will be able to implement the second root cause recommendation by assessing the relative importance of risks and prioritizing them according to their potential impact on the agency’s business processes. This strategy document will provide the CPSC with the basis of an effective and risk-based plan to address IT security issues and provide agency management with a roadmap to prioritize the completion of the other 45 recommendations.