HOME
. . .
STRATEGIC PLAN
WHISTLEBLOWER PROTECTION
NEWS STAND
REPORTS
. . .
CLOSED INVESTIGATIONS
AUDIT REPORTS
SEMI-ANNUAL REPORTS
OPERATIONS
. . .
AUDITS
INVESTIGATIONS
ABOUT
. . .
PLAIN WRITING ACT
MEET THE STAFF
RECOVERY ACT
CONTACT US
. . .
EMPLOYMENT / CAREER
PRIVACY POLICY
HOTLINE

WELCOME


Created by the National and Community Service Trust Act of 1993, the Corporation provides opportunities for Americans to serve their communities through: Senior Corps, AmeriCorps, VISTA, National Civilian Community Corps and Learn and Serve America. The 1993 Act also established the Office of Inspector General, which conducts independent and objective audits and investigations of Corporation programs and operations to prevent and deter waste, fraud and abuse. It also recommends policies to Corporation management to promote economy and efficiency.

 

Each federal agency has an Office of Inspector General (OIG) that provides independent oversight of the agency’s programs and operations. The office is responsible for promoting efficiency and effectiveness in agency programs and for preventing and detecting fraud, waste, and abuse.

 

Audit Report
ISSUED DATE
2016-12-22

The Corporation for National and Community Service (the Corporation or CNCS) has made significant progress in addressing the information security and privacy weaknesses identified in last year’s Federal Information Security Modernization Act of 2014 (FISMA) evaluation, resolving eight of 17 findings from FY 2015 and closing 67 of 90 recommendations open from prior years. CNCS has improved and updated its policies and procedures for key security program areas, e.g., information security continuous monitoring (ISCM), risk management and Plan of Action and Milestones (POA&M) management. It has also entered into new service level agreements with the information technology (IT) contractor that manages the Corporation’s desktops, servers and network infrastructure. These improvements led evaluators to reduce the severity of two previous program weaknesses from Significant Deficiencies to Control Deficiencies. Evaluators determined that the Corporation implemented improvements to close all seven recommendations related to privacy controls for protection of personally identifiable information (PII).

Nevertheless, much work remains to make information security fully effective at CNCS. The FY 2016 FISMA evaluation uncovered two new weaknesses relating to: (1) secure configuration management policies, procedures and practices; and (2) monitoring and remediation of server backup failures. CNCS’s ISCM and Incident Response Program are rated at Level 2: Defined on a maturity scale that ranges from Level 1: Ad hoc to Level 5: Optimized. Of the 57 security metrics in the remaining areas, testing identified 25 instances of noncompliance with applicable laws, regulations and authoritative guidance governing information security.

GO

Semi Annual Report
ISSUED DATE
2016-09-30
GO
REPORT WASTE FRAUD & ABUSE
HOTLINE
(800) 452-8210
hotline@cncsoig.gov
The Office of Special Counsel
OfficeOfSpecialCounsel
CNCS
ignet
RSS FEED
Or Follow CNCSOIG Twitter on Twitter & Facebook Facebook for the latest news and reports.
GetAdobe
0
HOTLINE
(800) 452-8210
PHONE
(202) 606-9390
FAX
(202) 485-0008
PRIVACY POLICY
LEGAL DISCLAIMER
SITEMAP
0