Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
1 | No | $0 | $0 | ||
KPMG recommends that the OCIO fully implement the current authoritative guidance regarding two-factor authentication. | |||||
2 | No | $0 | $0 | ||
KPMG recommends that the OCIO document and map access rights in OPM systems to personnel roles and functions, following the principle of 'least privilege'. | |||||
3 | No | $0 | $0 | ||
KPMG recommends that the OCIO enhance OPM’s information security control monitoring program to detect information security control weaknesses by: • Implementing and monitoring procedures to ensure system access is appropriately granted to new users, consistent with the OPM access approval process; • Monitoring the process for the identification and removal of separated users to ensure that user access is removed timely upon separation; and • Implementing procedures to ensure that user access, including user accounts and associated roles, is reviewed on a periodic basis consistent with the nature and risk of the system, and modifying any necessary accounts identified. |