Fiscal Year 2013
Executive Summary
Based on the results of its evaluation, Brown & Company concluded that the Agency has made
positive strides over the last year in addressing information security weaknesses and continues to
make progress in becoming fully FISMA compliant. However, the Agency still faces challenges
in fully implementing information security requirements as stipulated in various federal guidelines
and mandates. This report contains twelve (12) FISMA findings with twelve (12)
recommendations concerning issues such as:
- Implementation of Continuous Monitoring policy and procedures;
- Improvement to the physical access security controls for Headquarters and the Alternate Telecom Site;
- Improvement to the Configuration Management policies and procedures;
- Implementation of Multifactor Authentication for physical and logical access; and
- Resolving Internal Vulnerability Assessment results.