Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | Recommendation |
---|---|---|---|---|---|
3 | No | $0 | $0 | | Develop and communicate an organization-wide Supply Chain Risk Management strategy/plan to manage the supply chain risks associated with the research, development, design, manufacturing, acquisition, delivery, integration, operations, maintenance, and disposal of the CPSC systems, system components, or services. |
5 | No | $0 | $0 | | Develop, implement, and disseminate processes to implement Trusted Internet Connection 3.0, including updating its network and system boundary policies, in accordance with Office of Management and Budget Memorandum 19-26, Update to the Trusted Internet Connections (TIC) Initiative. This includes, as appropriate, the incorporation of Trusted Internet Connection security capabilities catalog, Trusted Internet Connection use cases, and Trusted Internet Connection overlays. |
7 | No | $0 | $0 | | Develop, implement, and disseminate an Identity and Access Management policy and procedures which are in accordance with the most recent National Institute of Standards and Technology guidance. |
9 | No | $0 | $0 | | Finalize and implement the Awareness and Training policy which is currently in draft. |
11 | No | $0 | $0 | | Implement Information Security Continuous Monitoring roles and responsibilities. |
12 | No | $0 | $0 | | Develop mechanisms to ensure Information Security Continuous Monitoring stakeholder accountability. |
14 | No | $0 | $0 | | Develop and implement policies and procedures for maintaining a Continuity of Operations Plan and conducting organizational and system level Business Impact Analyses in accordance with current federal guidance (e.g., National Institute of Standards and Technology Special Publication 800-34/53, Federal Continuity Directive 1, National Institute of Standards and Technology Cybersecurity Framework, and National Archives and Records Administration guidance). |