FY2020 Q1 Quarterly Report

The USAID Federal Information Security Modernization Act of 2014 (FISMA) program is off to a great start this fiscal year. The Agency received a Chief Information Officer (CIO) metrics ranking of “Managing Risk” from the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) for all functions in the Cybersecurity Risk Management Assessment (RMA).

USAID also completed an important milestone with the assessment of High Value Assets (HVAs) to ensure that implemented security controls continue to work effectively and deter intrusion, as required by DHS Binding Operational Directive (BOD)18-02, Securing High Value Assets.¹

In preparation for the upcoming FY2020 FISMA Audit, USAID is executing the following tasks:

• Perform an Inspector General (IG) Gap Analysis and mitigate the discovered material weaknesses that could potentially put the Agency’s information security program and data at risk.
• Inspect, test, and mitigate technical security controls to ensure the CIO quantitative metrics continue to meet and exceed the Federal baseline.
• Align with the National Institute of Standards and Technology Privacy Framework to advance and mature the Privacy Program.
• Continue work on closing FY2019 FISMA Audit² findings and recommendations.
• Ensure that security controls for FISMA systems remain effective, operate as intended, and meet the desired mission goals and objectives.

The Agency continues to improve its cybersecurity performance and mature its FISMA program as these tasks are completed.

Finally, the M/CIO Information Assurance (IA) Division continues its support for the Enterprise Risk Management (ERM) team. The team’s ongoing Governance, Risk, and Compliance product evaluations include analysis of alternatives to validate product options against business and technical requirements in an ongoing basis. The goal is to provide a centralized, enterprise-wide dashboard view of risks across the organization—including recommended activities with risk treatment options—that allow senior leadership to make informed, risk-based decisions. M/CIO and ERM continue to work closely with USAID Management Bureau, Office of Acquisition and Assistance to determine procurement strategy for acquisition to align with Agency mission.

1 See DHS BOD 18-02 for more information.
2 See OMB Memorandum M-20-04, Fiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements.