Stay Informed
of New Reports
Twitter
Where To Report Waste
Fraud, Abuse, Or Retaliation
Where To Report Waste Fraud, Abuse, Or Retaliation
Recommendation Details
Text of Recommendation
FHFA should develop POA&Ms to track the remediation of past due CISA known exploitable vulnerabilities that cannot be remediated in a timely manner (within 14 days) in accordance with CISA’s BOD 22-01 and OTIM Vulnerability Management Process. Consider implementing compensating controls (i.e., isolating systems with un-remediated vulnerabilities) to mitigate the risk of the vulnerabilities.
Recommendation Number
AUD-2023-004-4
Recommendation Status
Open
Significant Recommendation
No
Recommendation Questioned Costs
$0
Recommendation Funds for Better Use
$0
Associated Report Details
Submitting OIG
Federal Housing Finance Agency OIG
Linked Report
Audit of the Federal Housing Finance Agency’s Information Security Programs and Practices Fiscal Year 2023