June 2024

Security testing

The FAC completed our compliance-required security testing earlier this month and received a positive report from our oversight body. With this testing complete, the FAC has now done the majority of our Authorization to Operate (ATO) assessment. We're now working with our assessment team to complete the remaining documentation requirements. The ATO process identifies areas of potential security risk and ensures we've taken steps to reduce or eliminate those risks. It also documents our policies for keeping the FAC up-to-date. You can read more about the ATO process on digital.gov.

Historical data migration

The team is closing in on final remediation for the historical audits that failed initial migration. These audits have a variety of data quality issues that don't meet the FAC's validation standards. For example, some historical audits are missing contact information for certifying officials; others incorrectly report total federal program expenditures. We follow a standardized process to address each of these issues. First, we describe the issue and analyze its prevalence in the dataset. Next, the team brainstorms ways to fix the issue, such as calculating the correct total for a summary field or using a placeholder value where information is missing. Finally, we apply the remediation to the problematic data. If you would like to learn more, visit this GitHub issue where we are tracking the work.

Fixes and improvements

While the ATO team conducted the security testing, our engineering team continued to work on bug fixes and other site improvements. In the last month, the team:

• added a timer to the search results page
• improved accessibility testing
• fixed a bug related to sorting search results by cog/over

For more information on these fixes and more, see the FAC's June 6th release.