Information Security: Fiscal Year 2024 Independent Evaluation of the Smithsonian Institution’s Information Security Program
The Office of the Inspector General contracted with Castro & Company, LLC to evaluate the effectiveness ofthe Smithsonian's information security program in fiscal year 2024. For Fiscal year 2024, Castro found that the Smithsonian Institution’s Information security program was effective overall because it was operating at a managed and measurable level (Level 4) in all five cybersecurity functions (Identify, Protect, Detect, Respond, and Recover).