Text of Recommendation | HHS should perform an enterprise risk assessment over known control weaknesses (e.g., Authority to Operate, incomplete OpDiv provided system inventories, lack of OpDiv adherence to HHS information security policies) due to their federated environment and document an appropriate risk response (e.g., accept, avoid, mitigate, share, or transfer). |
---|---|
Recommendation Number | 22-A-18-053.03 |
Recommendation Status | Open |
Significant Recommendation | No |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |