Which of the following is not part of Federal Information Security Management Act $($FISMA$)$ compliance?

If no inspector general exists in the agency under examination, the agency deputy director performs the annual evaluation.

The annual evaluation tests the value of the agency's IT security policies, procedures, and practices.

The annual evaluation tests a subset of the agency's information systems.

The appointed inspector general of the agency under examination performs a separate, annual evaluation.