16-03, Fiscal Year 2015 Federal Information Security Modernization Act Evaluation of the Corporation for National & Community Service

Summary Page of Fiscal Year 2015 Federal Information Security Modernization Act Evaluation of the Corporation for National & Community Service

Evaluation of the Corporation’s Information Security and Privacy Program found these were not compliant in a number of respects with FISMA legislation, Office of Management and Budget guidance and applicable National Institute of Standards and Technology security publications.  Evaluations testing found controls were ineffective in eight of 11 areas.  In two of the eight areas, Continuous Monitoring Management and Risk Management, the deficiencies were severe enough to constitute a significant deficiency.