Text of Recommendation | We recommend that the Department adhere to the SSP control requirements and avoid the use of generic and shared accounts. If generic and shared accounts are required, obtain a formal risk acceptance and develop a policy and procedure to: • Authorize the use of these accounts by approved personnel, • Control who can access the generic/shared accounts and those sensitive actions performed by the accounts are logged and reviewed every time the accounts are used, and • Require that generic/shared accounts’ passwords are changed each time approved personnel separate or transfer from the Department. |
---|---|
Recommendation Number | 2.10 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |