U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2020 Federal Information Security Modernization Act

Report Information

Date Issued
Report Number:
50503-0003-12
Report Type
Audit
Component
USDA - Multi Agency
Description
As required by FISMA, OIG reviewed USDA’s ongoing efforts to improve its information technology security program and practices during FY 2020.
Joint Report
No
Agency Wide
Yes (agency-wide)

Recommendations

We recommend the Department develop a policy and implement the necessary oversight to monitor CSAM for accuracy so that the system provides sufficient support to determine compliance with Federal requirements and for decision making.

We recommend the Department implement a centrally managed software license program that complies with Departmental policy.

We recommend the Department prioritize remediation of outstanding vulnerabilities to address security and control deficiencies by implementing an improved patch or upgrade process to address security deficiencies identified by the independent OIG scans and SIEM.

We recommend the Department remove unsupported software from its network by designing and implementing a strategic Departmentwide plan.

We recommend the Department revise the DR 3565-003, Plan of Action and Milestones Policy to specify a timetable or time constraint for resolving high, medium and low vulnerabilities.