The Federal Information Security Management Act of 2002, requires agencies to implement  information security programs, conduct annual effectiveness reviews, and report the results to OMB. For 2017’s review, OMB required determination of programs’ maturity levels—(lowest to highest) Ad Hoc, Defined, Consistently Implemented, Managed and Measurable, or Optimized. Our objective was to determine the program’s effectiveness for the 12 months prior to June 30, 2017, in five control areas—Identify, Protect, Detect, Respond, and Recover.

Click Here to Read the Report