Text of Recommendation | The U.S. African Development Foundation's Chief Financial Officer develop and fully implement a documented process to confirm that the foundation's security assessment and authorization activities for systems transitioned to cloud service providers are compliant with National Institute of Standards_x000D_
and Technology requirements. At a minimum, this should include a review of the security_x000D_
authorization package for the cloud service provider and a determination of risk to the_x000D_
foundation documented in an authorization-to-operate memo based on a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones. |
---|---|
Recommendation Number | 1 |
Recommendation Status | Closed |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |