
Direct and require confirmation of completion from OST's cloud-based system owner for the Federal Human Resources Navigator-Software-as-a-Service to:

a. Include in its executive summary/Authorization to Operate letter to the Authorizing Official proof of its review of cloud service provider's continuous monitoring activities to ensure its cloud system security posture remains sufficient for its own use and supports its ongoing authorization as required by FedRAMP.

b. Use personal identity verification cards as the primary authentication mechanism to ensure secure system login.

c. Develop a Privacy Impact Analysis to help identify and manage personally identifiable information and privacy risks.

d. Identify a security official to review system audit log files.

e. Develop and implement a process to remove extracted data containing sensitive information within 90 days of extraction in accordance with DOT requirements.

Questioned Costs: $0
Funds for Better Use: $0
Recommendation Status: Open
Source UUID: IT2023043-5
Recommendation Number: 5
Significant Recommendation: Yes