Report | May 10, 2022

Management Advisory: The DoD’s Compliance With the Cybersecurity Information Sharing Act of 2015 (DODIG-2022-092)


Publicly Released: May 12, 2022

The purpose of this management advisory is to provide the status of DoD’s compliance with the Cybersecurity Information Sharing Act of 2015 (CISA). CISA requires the Inspectors General of seven Federal agencies, including the DoD, to jointly report to Congress every 2 years on the actions taken by the Executive branch to implement CISA requirements. We assessed the DoD’s actions taken to implement CISA and provided our results to the Intelligence Community Inspector General, who issued an interagency report to Congress on December 2, 2021, summarizing the assessment results for all seven Federal agencies. Because that report, AUD‑2021‑002, “Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015,” December 2, 2021, did not include recommendations, we are issuing this management advisory to report the DoD‑specific assessment results and issue recommendations for corrective action.