We recommend that NARA implement the following corrective actions: Complete efforts to implement the Net IQ Sentinel product. Develop and implement processes and procedures to monitor and at least weekly review user activity and audit logs (in accordance with NARA IT Security Requirements), on the network, RRS, B&A, ENOS-HMS and DCU systems that may indicate potential security violations. Ensure the procurement of new IT system hardware and software, which provides user authentication, includes a minimum set of audit logging controls and functionality in accordance with NARA’s IT Security Requirements, AU-2.