Evaluation of DHS' Information Security Program for Fiscal Year 2015 (Revised)

We reviewed the Department of Homeland Security’s (DHS) information security program in accordance with the Federal Information Security Modernization Act of 2014. Our objective was to determine whether DHS’ information security program is adequate, effective, and complies with FISMA requirements. DHS has taken actions to strengthen its information security program. For example, DHS developed and implemented the Fiscal Year 2015 Information Security Performance Plan to define the performance requirements, priorities, and overall goals of the Department. DHS has also taken steps to address the President’s cybersecurity priorities, such as Information Security Continuous Monitoring; Identity, Credential, and Access Management; and anti-phishing and malware defense. Nonetheless, the Department must ensure compliance with information security requirements in other areas.