March 2019
USAID’s information security program was evaluated as part of the FY 2018 annual FISMA audit by the Office of Inspector General (OIG). The audit report highlighted that 120 of the 135 selected NIST 800-53, Revision 4 security controls were properly implemented. This led to the determination that USAID has an overall effective information security program.
A total of 59 IG metrics were assessed in the FY 2018 FISMA audit on a maturity model spectrum. Each metric corresponds to a specific function (Identify, Protect, Detect, Respond, and Recover) in alignment with the NIST Cybersecurity Framework Version 1.1, and was assigned a Level 1-5 maturity based on evaluation criteria developed collaboratively by the Office of Management and Budget (OMB), the Department of Homeland Security (DHS), and the Council of the Inspectors General on Integrity and Efficiency (CIGIE). Of the 59 IG metrics assessed, 41 were found to be at Level 3 or higher, with 16 of those at a Level 4 or Level 5 maturity.
The Agency continues to prioritize its workload in FY 2019 to remediate vulnerabilities, address deficiencies identified by the IG, and comply with emergency directives and memorandums to strengthen the Agency’s cybersecurity posture. Early FY 2019 accomplishments include the implementation of SSL decryption for all outbound traffic across CONUS and OCONUS locations and compliance with ED 19-01 (DNS Infrastructure Hijacking Campaign).
Read the full report [PDF, 240kb]