|Text of Recommendation|| |
FHFA should ensure that (a) the FHFA Information Security Incident and Personally Identifiable Information Breach Response Plan is reviewed and approved annually by the Chief Information Security Officer and Senior Agency Official of Privacy to include any new reporting guidelines from the United States Computer Emergency Readiness Team, changes to incident handling procedures based on lessons learned, and any new incident response developments throughout the year, and (b) documented evidence of that review and approval is maintained.
|Recommendation Number|| |
|Recommendation Status|| |
|Significant Recommendation|| |