External auditors KPMG carried out a performance audit on the FBI’s overall internet security program and practices to determine whether they were consistent with the requirements of the Federal Information Security Modernization Act (FISMA), which the OIG reviewed. It identified weaknesses in six out of seven domain areas in the FBI’s ISP, and made 38 recommendations for improving it.
An audit was also conducted on the security of the FBI’s DirectorNet system, which identified weaknesses in two out of the seven control areas. Auditors made two recommendations to strengthen the system and ensure data is adequately protected.
KPMG also conducted an audit on the FBI’s Background Investigation Contract Service Unit (BICS) Online Transfer System (BOLTS) but found this was consistent with FISMA requirements.
OIG has published a summary of each audit but detailed information will not be publicly available because disclosing it could be considered a security risk.