U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2023 Federal Information Security Modernization Act

Report Information

Date Issued
Report Number:
50503-0011-12
Report Type
Audit
Description
As required by the Federal Information Security Modernization Act, OIG reviewed USDA's ongoing efforts to improve its information technology security program and practices during Fiscal Year 2023.
Joint Report
Yes
Participating OIG
Department of Agriculture OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View report on Oversight.gov

Recommendations

OCIO management should implement a quality control process to validate whether SSPs adhere to USDA Standard Operating Procedures for the RMF and NIST SPs 800- 18, 800-37, and 800-53 and accurately reflect the current system environment.

OCIO management should implement a quality control process to validate whether system-level SSPs, such as those tested, accurately reflect implementation statuses of their security controls and/or include all interfaces.

Farm Production and Conservation management should review and update its SSPs to accurately reflect implementation statuses of their security controls and/or include all interfaces.

Rural Development management should review and update its SSPs to accurately reflect implementation statuses of their security controls and/or include all interfaces.

Food, Nutrition, and Consumer Services management should review and update its SSPs to accurately reflect implementation statuses of their security controls and/or include all interfaces.