Quality Control Review of the Independent Auditor's Report on the Assessment of DOT's Information Security Program and Practices [open pdf - 1MB]
From the Highlights: "This report presents the results of our quality control review (QCR) of an audit of the Department of Transportation's (DOT) information security program and practices. The Federal Information Security Modernization Act (FISMA) requires agencies to develop, implement, and document agency-wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies' information security programs and report the results to the Office of Management and Budget. To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT's information security program and practices in five function areas--Identify, Protect, Detect, Respond, and Recover."
OST Report No. QC2021003; Office of the Secretary of Transportation Report Number QC2021003
Congressional Research Service: https://crsreports.congress.gov/