| Text of Recommendation | Develop and implement a formal process to identify, document, and periodically test, security controls for all systems (major or minor) that collect, process, store, or transmit sensitive personally identifiable information. Where systems processing sensitive PII are considered minor, documentation should clearly identify what controls are being inherited from other systems and what controls are specific to the system. |
|---|---|
| Recommendation Number | OIG-A-23-02-02 |
| Recommendation Status | Open |
| Significant Recommendation | Yes |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Submitting OIG | |
|---|---|
| Linked Report |