DHS’ information security program for FY 2021 was rated “not effective,” according to this year’s reporting instructions.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
1 | No | $0 | $0 | ||
Enforce requirements for components to obtain authority to operate, resolve critical and high-risk vulnerabilities, and apply sufficient resources to mitigate security weaknesses. | |||||
3 | No | $0 | $0 | ||
Revise DHS 4300A Policy, Handbook, and Ongoing Authorization methodology to incorporate applicable changes from NIST SpecialPublications, including SP 800-37, Revision 2, SP 800-53 Revision 5, and SP 800-137A to maintain consistency between the documents. |