Evaluation of DHS' Information Security Program for Fiscal Year 2024
We rated DHS’ information security program for FY 2024 as “effective,” according to this year’s reporting instructions. We based this rating on our evaluation of DHS’ compliance with requirements of the Federal Information Security Modernization Act of 2014 for unclassified and national security systems. DHS received a maturity rating of “Level 5 – Optimized” in two functions and “Level 4 – Managed and Measurable” in three functions. We recommended the DHS Chief Information Officer strengthen oversight to ensure components adhere to DHS’ policies to remediate all known information security weaknesses in a timely manner. DHS concurred with our recommendation.