Friday Fun Off-topic Megathread

It is a 37-page article, but I have bolded the information according to its importance: bold < bold underline < bold red underline. Fully sourced and cited.

https://docs.google.com/document/d/1klKGFVjLQADbRLOfAEIXvH5c20z_oVGZfIgA_6zt3Q8/edit?usp=sharing

Also posted to r/legal, r/accounting, r/auditing, and r/netsec for relevant expertise.

Also posted to v/politics, for the lulz.

Greetings,

I am an information security auditor with knowledge of the Federal Information Security Management Act (FISMA) of 2002. I would like to discuss some research that I have done regarding federal agency compliance with FISMA and FISMA audit reports. Forgive the amount of information, but this is a complex topic and I am citing the actual sources of information. First, let me say that I am not certain that this is the direction, purpose, or intention of the FBI investigation into Hillary Clinton's email server, and this is meant to be a technical discussion rather than a political one. This is my opinion on where the core issues are in the requirements for controlling federal information systems. Given the broad range of breaches across the private sector and in government, I believe that there should be a broader discussion of executive responsibilities related to information security.

However, this document traces a line of public information from FISMA, to the Federal Information Processing Standards (FIPS) and mandates, to the National Institute of Standards and Technology (NIST) Special Publication 800 series, to OMB Circular A-130, to the Federal Information System Controls Audit Manual (FISCAM), to the annual White House Reports to Congress on the Implementation of the Federal Information Security Management Act of 2002, to the Office of Inspector General (OIG) Evaluation of the Department of State's FOIA Process for Requests Involving the Office of the Secretary, to OMB Circular A-123, Management's Responsibility for Internal Control, to the Implementation Guide for OMB Circular A-123, Management's Responsibility for Internal Control, to M-11-33, Memorandum for Heads of Executive Departments and Agencies: FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management, and finally to a single assertion in the 2011 Department of State FISMA Audit Report.
I believe this line of evidence leads directly to a management assertion that could very well constitute a material misstatement, among the numerous other relevant issues raised related to potential non-compliance with FISMA. Lastly, this article presents information from the State Department Financial Management Reports regarding compliance with FISMA. This includes a statement where management disagrees with the findings and recommendations of the independent FISMA auditors.

Sources

Federal Information Security Management Act (FISMA) of 2002.

Federal Information Processing Standards (FIPS) and mandates

National Institute of Standards and Technology (NIST) Special Publication 800 Series

Homeland Security Presidential Directive No. 7 - Critical Infrastructure Identification, Prioritization, and Protection

OMB Circular A-130 - Management of Federal Information Resources

Federal Information System Controls Audit Manual (FISCAM)

White House Reports to Congress on the Implementation of the Federal Information Security Management Act of 2002

Office of Inspector General (OIG) Evaluation of the Department of State’s FOIA process for Requests Involving the Office of the Secretary

OMB Circular A-123 Management's Responsibility for Internal Control

Implementation Guide for OMB Circular A-123, Management’s Responsibility for Internal Control

M-11-33 - Memorandum for Heads of Executive Departments and Agencies: FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management

Homeland Security Presidential Directive 12 (HSPD-12)

2009-2013 Department of State FISMA Audit Reports

2009-2013 Department of State Financial Management Reports regarding compliance with FISMA

/r/politics Thread