The Office of Personnel Management’s (OPM) Office of the Inspector General (OIG) has released its final audit of the agency’s compliance with the Federal Information Security Modernization Act (FISMA) for fiscal year 2020.
OPM OIG said in the report dated Oct. 30 that OPM has implemented best practices in areas such as risk management, configuration management and data privacy but has not yet implemented FISMA requirements for contingency planning.
According to the report, OPM is working to develop an enterprise risk management strategy as well as baseline configurations for information systems.
The agency is also continuing efforts to establish a strategy for identity, credential and access management in addition to implementing controls for incident response, data protection and data privacy.
However, the OIG noted that OPM is still facing resource constraints at its Office of Privacy and Information Management. OPM also needs to address gaps in security training, according to the report.
In addition, OPM must complete its implementation of continuous information security monitoring to avoid obstacles in conducting security assessments across the agency’s information systems, the report states.
The OIG used the Department of Homeland Security’s (DHS) FISMA IG reporting metrics to assess OPM’s information technology security compliance efforts.