| 1 |
No |
$0 |
$0 |
|
|
Review the installed applications on all issued laptops to ensure no unauthorized software is present.
|
| 2 |
No |
$0 |
$0 |
|
|
Review the FMC "user" setting population to ensure each "user" is properly configured in compliance with FMC's approved GPOs.
|
| 3 |
No |
$0 |
$0 |
|
|
Review Active Directory settings to ensure unauthorized software cannot be installed, including the Print Driver settings.
|
| 4 |
No |
$0 |
$0 |
|
|
Regular software audits should be scheduled on all issued laptops to ensure compliance with FMC approved software policy.
|
| 5 |
No |
$0 |
$0 |
|
|
Security Awareness training should be provided annually to all FMC users on the risks of downloading software.
|
| 6 |
No |
$0 |
$0 |
|
|
Security Awareness training should be provided to all network administrators on the importance of secure configuration management on user devices.
|
| 7 |
No |
$0 |
$0 |
|
|
Perform the procedures and associated controls identified in the SCRM SOP. The SOP lists fourteen procedures to perform.
|
| 8 |
No |
$0 |
$0 |
|
|
During its annual review for changes to Commission Order (CO)-112, Acquisitions, include verbiage that all IT acquisitions should follow the SCRM SOP by reference.
|
| 9 |
No |
$0 |
$0 |
|
|
Review the settings on all issued laptops to ensure MFA requirements are in place.
|
| 10 |
No |
$0 |
$0 |
|
|
Review the FMC user setting population to ensure each user is properly configured.
|
| 11 |
No |
$0 |
$0 |
|
|
Regular configuration audits should be scheduled on all issued laptops to ensure compliance with FMC MFA requirements.
|
| 12 |
No |
$0 |
$0 |
|
|
Periodically require FMC personnel to log out and shut down laptops to ensure all requirements are being installed correctly.
|
| 13 |
No |
$0 |
$0 |
|
|
Security Awareness training should be provided to all network administrators on the importance of secure configuration management on user devices.
|
| 14 |
No |
$0 |
$0 |
|
|
HRK recommends that FMC implement a monitoring process of required trainings at FMC so that when issues like the vendor management issue arises, they can identify and address early on to ensure the required training is met.
|
| 15 |
No |
$0 |
$0 |
|
|
FMC should develop an executable plan to meet the requirements of OMB M-21-31 and ensure the plan is properly supported.
|
| 16 |
No |
$0 |
$0 |
|
|
Create an overall BIA policy, procedures, and processes or incorporate a BIA policy, procedures, and processes into its existing contingency planning documents.
|
| 17 |
No |
$0 |
$0 |
|
|
Create a Template for completing BIAs consistently across the commission following NIST SP 800-34, rev. 1, Contingency Planning Guide for Federal Information Systems, Chapter 3.
|
| 18 |
No |
$0 |
$0 |
|
|
Incorporate the BIAs results into its overall contingency planning efforts.
|
