Text of Recommendation | Ensure that missing security patches are either applied in accordance with DOT policy or that vulnerable software is otherwise remediated on the affected endpoints. In addition, ensure that missing security patches attributable to specific mission/business requirements are identified, control weaknesses are appropriately documented in POA&Ms, and that the authorizing official is aware of and has accepted risk for the associated weaknesses. |
---|---|
Recommendation Number | 11 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Additional Details Link |
Submitting OIG | |
---|---|
Linked Report |