|Text of Recommendation|| |
We recommend that OPM document the governance requirements of the CSCC that at a minimum contain the following elements as stated by NIST: a) Assigns responsibilities for oversight of the CSCC; b) Mandates the same assessment and monitoring requirements as system-specific controls in OPM information systems; and c) Requires the communication of assessment results to SOs and ISSOs.
|Recommendation Number|| |
|Recommendation Status|| |
|Significant Recommendation|| |
|Recommendation Questioned Costs|| |
|Recommendation Funds for Better Use|| |