| Text of Recommendation | All vulnerabilities should be reviewed in terms of their risk classification (e.g. high, medium, and low). Furthermore, IT should establish a formalized policy for how timely deficiencies (high, medium, and low) need to be remediated. Best practices across other agencies remediate high vulnerabilities within 1 business day and medium vulnerabilities within 3-5 business days, therefore, FLRA should follow best practices. |
|---|---|
| Recommendation Number | 2 |
| Recommendation Status | Closed |
| Significant Recommendation | No |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Submitting OIG | |
|---|---|
| Linked Report |