Update the Risk Management Framework to reflect the current roles, responsibilities, policies, and procedures of the current DNFSB environment, to include:a. Defining a frequency for conducting Risk Assessments to periodically assess agency risks to integrate results of the assessment to improve upon mission and business processes.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Closed
Source UUID
250c7085-8542-40a5-89ef-85a43e852d74-3
Recommendation Number
3
Additional Information
Status: Open: Resolved. DNFSB published the Risk Assessment Policy in January 2023, which included defined frequencies for risk assessments and integrating those results into mission and business processes. As part of the external security assessment of the GSS, a risk assessment and control assessment were performed by an external auditor. DNFSB completed an external security assessment in June of 2023 and issued an updated ATO for the DNFSB GSS in July 2023. Based on actions already taken, DNFSB’s position is that this recommendation needs to be closed.
Significant Recommendation
Yes