| Text of Recommendation | Develop qualitative and quantitative performance measures to evaluate the effectiveness of the following: Configuration management plan and change control activities; Data exfiltration and enhanced network defenses; Data breach response plan; Privacy awareness training program; Incident response capability; ISCM policies, strategy, and processes; Incident detection, analysis, handling, and response activities; Information system contingency plans. For all performance measures, ensure that supporting data is obtained accurately, consistently, and in a reproducible format. |
|---|---|
| Recommendation Number | 5 |
| Recommendation Status | Open |
| Significant Recommendation | Yes |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Additional Details Link |
| Submitting OIG | |
|---|---|
| Report Title | Quality Control Review of the Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices |
| Report Submitting OIG-Specific Report Number | QC2024038 |
| Report Date Issued | Wednesday, September 4, 2024 |
| Report Agency Reviewed / Investigated | |
| Report Questioned Costs | $0 |
| Report Funds for Better Use | $0 |