Results of the Evaluation of the FY 2021 Denali Commission Federal Information Security Modernization Act of 2014 (FISMA) Reporting Metrics

This report summarizes the results of our fiscal year (FY) 2021 Federal Information Security Modernization Act (FISMA) evaluation and assesses the maturity of controls used to address risks in each of the nine information security areas, called domains. We assessed the effectiveness of information security programs on the required maturity model spectrum, which is a rating scale for information security. We rated the Denali Commission’s overall program of information security as “not effective.” We made four recommendations for improvements. Denali Commission management agreed with all four recommendations and outlined corrective action plans to address identified vulnerabilities.