|Text of Recommendation|| |
For the information security program to be defined as effective under the FISMA maturity model, establish metrics and performance metrics to evaluate the effectiveness of configuration management, incident response, ISCM, and contingency planning policies and procedures, and processes to collect data, analyze results, and develop corrective actions.
|Recommendation Number|| |
|Recommendation Status|| |
|Significant Recommendation|| |
|Recommendation Questioned Costs|| |
|Recommendation Funds for Better Use|| |