Skip to main content

Federal Information System Controls Audit Manual

GAO-26-108633 Published: Jun 29, 2026. Publicly Released: Jun 29, 2026.
Jump To:

Fast Facts

Given the extensive use of information systems in government operations, it is essential that federal agencies have effective controls over these systems.

The Federal Information System Controls Audit Manual (FISCAM) provides auditors a methodology and framework for assessing the design, implementation, and operating effectiveness of information system controls in accordance with the Yellow Book.

This June 2026 revision replaces the 2024 version of FISCAM.

Federal Information System Controls Audit Manual cover page.

Federal Information System Controls Audit Manual cover page.

Skip to Highlights

Highlights

The U.S. Government Accountability Office (GAO) and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) worked jointly on this revision of the Federal Information System Controls Audit Manual (FISCAM), marking a major milestone in partnership and a shared commitment to strengthening and clarifying audit guidance.

For more information, please visit the main FISCAM page, or contact Dawn B. Simpson at simpsondb@gao.gov.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Information systemsGovernment auditing standardsInformation securityInternal controlsAuditorsPrivacyInformation security managementInformation technologySoftwareFederal Information Processing Standards