FHFA’s Chief Information Officer should reevaluate the former Chief Information Officer’s risk acceptance related to the device lock policy and implement security controls to ensure that all FHFA laptops adhere to FHFA’s device lock policy in accordance with FHFA System Security and Privacy Plan for the General Support System (June 5, 2023).