The CSB has not consistently implemented its information security program’s policies, procedures, and strategies.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
21-E-0071_1 | No | $0 | $0 | |
Complete the Risk Assessment process as required by NIST 800-37, re-evaluate the Risk Management Framework to make it more fluent to leverage day-to-day processes in place for completing the risk assessment, and determine how to best implement an organization-wide governance process for monitoring and reporting on risks. | | | | |
21-E-0071_2 | No | $0 | $0 | |
Document the process in place to monitor required flaw remediation to resolution and enhance the flaw remediation process to require approvals if risks cannot be mitigated to an acceptable level in a timely manner. In addition, develop timeframes and monitoring on the timeliness of applying patch updates. | | | | |