| Text of Recommendation | Ensure that Acquisition Security Unit analysts receive the training and resources necessary to fulfill IC Standard 731-02’s sourcing requirements and that ASU then incorporates the IC Directive 206 sourcing procedures into its vendor threat assessment process; that ASU and the SCRM Unit modify the existing vendor threat assessment process to better align its information collection methodology, risk tolerance levels, and other attributes with the enterprise needs; and that ASU develops policies or procedures to ensure that ASU vendor threat assessments, especially those for high or critical risk vendors, are updated every 2 years, as required by IC Directive 731. |
|---|---|
| Recommendation Number | 7 |
| Recommendation Status | Open |
| Significant Recommendation | No |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Additional Information | Accurate as of February 29, 2024. Also available on the DOJ OIG's website at the following link. |
| Additional Details Link |
| Submitting OIG | |
|---|---|
| Linked Report |