We recommend the Chief Information Officer, in conjunction with each program office, implement the security assessment process as described in NARA’s Enterprise Architecture to those applications/databases determined critical to carrying out NARA’s or program offices’ missions from Recommendation 1.