Text of Recommendation | Review and consider updating IT-930-02, Security Control Manual, to: a. Require control, AC-5 Segregation of Duties, for all moderate systems. Further, Smithsonian management should expand their current implementation of AC-5 to address both administrative and non-administrative accounts. b. Require control, AC-6 Least Privilege, for all moderate and high systems. Further, Smithsonian management should expand their current implementation of AC-6 to address both administrative and non-administrative accounts. c. Include control, AU-2 Auditable Events, for all low, moderate, and high systems. |
---|---|
Recommendation Number | OIG-A-22-05-01 |
Recommendation Status | Closed |
Significant Recommendation | Yes |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |