Inspector General’s Office Audits OPM’s FISMA Compliance Efforts

An inspector general report evaluated the Office of Personnel Management’s security program and practices in compliance with the Federal Information Security Modernization Act and offered 47 recommendations to OPM, Nextgov reported Thursday.

The recommendations include a skills gap assessment, testing for data breaches, improved security training and recruitment of more information security personnel.

The report also found that OPM faces the risk of not being able to restore information technology systems in the event of another disaster, does not have a list of contractors that have access to the agency’s network, and does not require personnel designated for privacy or “significant” security positions to undergo role-based training.

The IG report classified its audit findings and security recommendations for OPM into eight sections: risk management; configuration management; identity, credential and access management; data protection and privacy; security training; information security continuous monitoring; incident response; and contingency planning.