Report 15-07

Evaluation Report 15-07: Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review

The Federal Information Security Management Act (FISMA) requires that the OIG review the SBA’s Information Technology Security Program.

About this document

On March 13, 2015, the U.S. Small Business Administration (SBA) Office of Inspector General (OIG) published its evaluation report, Report 15-07: Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. The Federal Information Security Management Act (FISMA) requires that the OIG review the SBA’s Information Technology Security Program. To determine SBA’s compliance with FISMA, OIG contracted with an independent public accountant, KPMG, to perform review procedures relating to FISMA. OIG monitored KPMG’s work and reported SBA’s compliance with FISMA in the Agency FISMA filings in November 2014. We also assessed the Agency’s progress in implementing open recommendations and compared our current year assessment with our fiscal year 2013 FISMA evaluation. In addition to the 32 open FISMA recommendations noted in Appendix II, OIG made 6 new recommendations to address FISMA-related vulnerabilities. SBA fully agreed with all six recommendations, and projected they would be implemented by February 2017.

Effective: March 13, 2015
Owned by: Office of Inspector General
Related programs: Agency Management
Last updated July 29, 2019