Annual Independent Evaluations
Under FIMSA, U.S. agencies’ information security programs must be independently evaluated yearly. The independent auditor is selected by the agency's inspector general or the head of the agency. The audit is submitted to the Office of Management and Budget.
Reference(s) in IAPP Certification Textbooks: G49
Associated law(s): FISMA