IT2023043 - Recommendation 13

Direct and require confirmation of completion from PHMSA's cloud-based system owner for the Pipeline Risk Management Information System-Infrastructure-as-a-service-and PHMSA Data Mart-Infrastructure-as-a-service to: a. Include in its executive summary/Authorization to Operate letter to the Authorizing Official proof of its review of cloud service provider's continuous monitoring activities to ensure its cloud system security posture remains sufficient for its own use and supports its ongoing authorization as FedRAMP requires for Pipeline Risk Management Information System. b. Include in its executive summary/Authorization to Operate letter to the Authorizing Official proof of its review of cloud service provider's continuous monitoring activities to ensure its cloud system security posture remains sufficient for its own use and supports its ongoing authorization as FedRAMP requires for PHMSA Data Mart.

Questioned Costs

$0

Funds for Better Use

$0

Recommendation Status

Open

Source UUID

IT2023043-13

Report

DOT's Cloud-Based Systems' Security Weaknesses Hinder Its Transition to a Zero Trust Architecture

Recommendation Number

13

Significant Recommendation

Yes