The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that the foundation's security assessment and authorization activities for systems transitioned to cloud service providers are compliant with National Institute of Standards_x000D_ and Technology requirements. At a minimum, this should include a review of the security_x000D_ authorization package for the cloud service provider and a determination of risk to the_x000D_ foundation documented in an authorization-to-operate memo based on a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones.