USDA Hits New Information Security Benchmark in 2025

Thanks to a multi-year strategic approach to improve the security of our information systems and effectively manage information technology resources and risks, the U.S. Department of Agriculture (USDA) earned a maturity score of 4 out of 5 for the first time ever in the 2025 Federal Information Security Modernization Act (FISMA) audit.

The Office of the Inspector General performs annual FISMA audits to assess the effectiveness of our management of cybersecurity risks.

The following key initiatives contributed to this achievement:

• The early adoption of the Department of Homeland Security (DHS) Continuous Monitoring and Diagnostic program approved tools, integrated services, and dashboards improved the visibility of USDA networks and systems. The adoption allowed real-time data to inform risk-based decisions and measure the health of the cybersecurity program.
• USDA prioritized Security Operations Center consolidation and maturation, mitigation of incidents, and sharing information across the federal government. This improved the maturity rating in the Incident Response domain to Optimized, the highest level of maturity.
• USDA was one of the only large federal agencies to achieve Event Logging Level 3 (EL3), the highest level of cybersecurity event logging maturity. EL3 centralizes access and visibility for the USDA Security Operations Center.

This maturity level signifies that while we consistently implement security policies and procedures, USDA also collects and uses quantitative and qualitative data to measure our effectiveness and make programmatic adjustments. While I am proud that our information security program achieved this milestone, we will continue to mature our security posture in efforts to support the mission of USDA.