View PDF Document

The Office of Management and Budget (OMB) requires agencies to implement information security continuous monitoring (ISCM), which entails the near real-time detection of cybersecurity risks, threats, and malicious activity. Because the Department of Transportation (DOT) has multiple systems that contain sensitive data, we are initiating this audit of to assess (1) how DOT’s ISCM program conforms to OMB and National Institute of Standards and Technology requirements and (2) the status and progress of DOT’s implementation of its ISCM program. This audit also supports our annual Federal Information Security Modernization Act audit.