Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
D-2019-0106-D000CR-0001-0002.a | No | $0 | $0 | ||
Rec. 2.a: The DoD OIG recommended that the Under Secretary of Defense for Acquisition and Sustainment update existing DoD acquisition policies or develop and implement new policy to require organizations to review and evaluate cybersecurity risks, including supply chain and counterintelligence risks, for high-risk commercial off-the-shelf items prior to purchase, regardless of purchase method. | |||||
D-2019-0106-D000CR-0001-0001.a | No | $0 | $0 | ||
Rec. 1.a: The DoD OIG recommended that the Secretary of Defense direct an organization or group to develop a risk-based approach to prioritize commercial off-the-shelf items for further evaluation. | |||||
D-2019-0106-D000CR-0001-0001.b | No | $0 | $0 | ||
Rec. 1.b: The DoD OIG recommended that the Secretary of Defense direct an organization or group to develop a process to test high-risk commercial off-the-shelf items. | |||||
D-2019-0106-D000CR-0001-0001.c | No | $0 | $0 | ||
Rec. 1.c: The DoD OIG recommended that the Secretary of Defense direct an organization or group to develop a process to prohibit the purchase and use of high-risk commercial off-the-shelf items, when necessary, until mitigation strategies can limit the risk to an acceptable level. | |||||
D-2019-0106-D000CR-0001-0002.b | No | $0 | $0 | ||
Rec. 2.b: The DoD OIG recommended that the Under Secretary of Defense for Acquisition and Sustainment update Government purchase card program policy and training to include training on common cybersecurity risks, including supply chain and counterintelligence risks, for commercial off-the-shelf information technology items and the impact of the risks to the mission. | |||||
D-2019-0106-D000CR-0001-0003 | No | $0 | $0 | ||
Rec. 3: The DoD OIG recommended that the DoD Chief Information Officer revise DoD Instruction 8100.04, "DoD Unified Capabilities (UC)," December 9, 2010, to require an assessment of supply chain risks as a condition for approval to be included on the Unified Capabilities approved products list. |