Report Description
Pursuant to the Federal Information Security Modernization Act of 2014 (FISMA), an independent external auditor, on behalf of OIG, conducted an annual independent audit of AmeriCorps’ information security program and practices. The fiscal year (FY) 2024 FISMA audit concluded that AmeriCorps’ information security program remains ineffective, assessed as of July 31, 2024. Control weaknesses in the following areas prevent AmeriCorps’ cybersecurity program from maturing: (1) inventory management, (2) supply chain risk management program, (3) vulnerability and patch management program, (4) personnel screening process, (5) authorization packages, (6) logging, and (7) contingency planning. AmeriCorps did not specify the findings and recommendations with which it was in agreement or disagreement. AmeriCorps’ response is included in its entirety in Appendix IV of the audit report. The recommendations related to the seven findings will remain open until corrective actions have been fully implemented.