Text of Recommendation | OIG-21-09 NCUA Federal Information Security Modernization Act of 2014 Audit—Fiscal
Year 2021, issued November 22, 2021, Number of Open Recommendations: 7, Potential Cost
Savings: $0
Recommendation #1—Review the SCRM NIST guidance and update the SCRM plan,
policies, and procedures to fully address supply chain risk management controls and
practices.
Recommendation #2—Document and implement a plan to deploy multifactor
authentication to address increased risks with the large number of personnel teleworking
without a PIV card during the pandemic.
Recommendation #3—Implement automatic disabling of inactive Salesforce Call Center
user accounts for DOCA users in accordance with NCUA policy.
Recommendation #4—Document and approve a formal acceptance of risk for not
disabling Salesforce inactive accounts after 30 days in accordance with NCUA policy for
users whose business needs do not require regular access to the system.
Recommendation #5—Complete and issue policies to implement the CUI program.
Recommendation #6—Upon issuance of the CUI policies, design and implement media
marking to designate protection standards for safeguarding and/or disseminating agency
information.
Recommendation #7—[Note: We redacted this recommendation under (b)(7)(E)]. |
---|---|
Recommendation Number | 1. Semiannual Report to the Congress (March 2022) |
Recommendation Status | Closed |
Significant Recommendation | No |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Additional Details Link |
Submitting OIG | |
---|---|
Report Title | Semiannual Report to the Congress (October 1, 2021 - March 31, 2022) |
Report Date Issued | Tuesday, May 24, 2022 |
Report Questioned Costs | $0 |
Report Funds for Better Use | $0 |