View PDF Document

Summary

As required by the Federal Information Security Management Act of 2002 (FISMA), the Office of Inspector General is initiating its fiscal year 2015 audit of the Department of Transportation’s (DOT) information security program and practices. As further required by FISMA, we will review a representative subset of DOT’s systems. Our audit objective is to determine the effectiveness of DOT’s information security program and practices. Specifically, we will review DOT’s (1) information security policy and procedures, (2) enterprise-level information security controls, (3) system-level security controls, and (4) management of information security weaknesses. We will also assess and report on the results of FISMA security metrics and performance measures through CyberScope, as required by the Office of Management and Budget (OMB). The results of our assessment and our audit report will be incorporated into the Secretary’s submission to OMB for fiscal year 2015.