Text of Recommendation | The FHFA Chief Information Officer should identify and implement a solution, in coordination with vendors, for meeting BOD 18-01 requirements to ensure all publicly accessible endpoints provide service through a secure connection (HTTPS-only, with HSTS). If there are no viable solutions, document any risk-based decisions, including compensating controls, for publicly accessible websites that are not in compliance with DHS BOD 18-01. |
---|---|
Recommendation Number | AUD-2022-010-1 |
Recommendation Status | Closed |
Significant Recommendation | No |
Submitting OIG | |
Linked Report | |