This report evaluates the US Consumer Product Safety Commission’s (CPSC) progress in implementing the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF). 

The CSF provides guidelines for organizations to evaluate and improve an agency’s cybersecurity posture. This approach requires management to consider cybersecurity risks as part of the organization’s overall risk management assessment, specifically with a focus on an agency’s cybersecurity risk. 

The Office of Inspector General retained the services of Williams Adley & Company - DC LLP (Williams Adley), an independent public accounting firm, to assess the CPSC’s implementation of NIST’s CSF. 

This evaluation was performed in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation (CIGIE QSIE). 

Williams Adley determined that the CPSC has not implemented the CSF. Williams Adley made five recommendations to aid the CPSC as it implements the CSF which will allow agency staff to provide reliable and secure information systems to meet its mission and keep the American people safe.

In connection with our contract, we reviewed Williams Adley’s report and related documentation and inquired of its representatives. Our review was not intended to enable us to express, and we do not express, an opinion on the matters contained in the report. Williams Adley is responsible for the attached report. 

However, our review disclosed no instances where Williams Adley did not comply, in all material respects, with CIGIE’s QSIE.

PLEASE NOTE: When you purchase this title, the accompanying PDF will be available in your Audible Library along with the audio.