Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details |
---|---|---|---|---|
AUD-2025-004-1 | No | $0 | $0 | |
FHFA’s Chief Information Officer should establish and implement guidance for performing National Institute of Standards and Technology Cybersecurity Framework 2.0 activities through policies and procedures. | | | | |
AUD-2025-004-2 | No | $0 | $0 | |
FHFA’s Chief Information Officer should ensure that Privileged Account Request eWorkflows are fully completed and approved for all privileged FHFA General Support System user accounts prior to granting access. | | | | |
AUD-2025-004-3 | No | $0 | $0 | |
FHFA’s Chief Information Officer should ensure all applicable Organizational Units are included in the automated process that disables inactive accounts after 35 days. | | | | |
AUD-2025-004-4 | No | $0 | $0 | |
FHFA’s Chief Information Officer should disable inactive Active Directory accounts after a period of 35 days of inactivity. | | | | |
AUD-2025-004-5 | No | $0 | $0 | |
FHFA’s Chief Information Officer should create a Plan of Action and Milestones to establish when the annual Disaster Recovery Procedures for FHFA Production Systems exercise will be conducted and when the new system owners will be assigned and trained on their roles and responsibilities related to FHFA General Support System, Office of General Counsel Matter Management Tracking System, and the FHFA Status Tracking and Reporting system. | | | | |
AUD-2025-004-6 | No | $0 | $0 | |
FHFA’s Chief Information Officer should schedule and conduct an annual Disaster Recovery Procedures for FHFA Production Systems exercise for the FHFA General Support System, Office of General Counsel Matter Management Tracking System, and the FHFA Status Tracking and Reporting system, and ensure new system owners are trained to execute them. | | | | |