Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
AUD-2024-010-2 | No | $0 | $0 | ||
FHFA should update the disaster recovery procedures document to ensure it includes (a) up to date time periods for the recovery time objective and the recovery point objective for resumption of the general support system operations consistent with the business impact analysis, (b) database procedures, and (c) steps to validate successful failover and failback of the remote access infrastructure system. | |||||
AUD-2024-010-3 | No | $0 | $0 | ||
FHFA should ensure the After Action Report is consistent with the Recovery Exercise Test Results by documenting all actions taken during the failover and failback of the disaster recovery exercise including all correct dates for when testing was conducted. | |||||
AUD-2024-010-4 | No | $0 | $0 | ||
FHFA should perform annual testing of the contingency plan in accordance with the recovery procedures document to ensure failover and failback are conducted as planned. | |||||
AUD-2024-010-5 | No | $0 | $0 | ||
FHFA should ensure Office of Technology and Information Management officials communicate planned disaster recovery exercises and any scheduled changes with all parties involved, including auditors and other independent observers. | |||||
AUD-2024-010-6 | No | $0 | $0 | ||
FHFA should encrypt all backup data-at-rest at FHFA’s alternate site and update the existing plans of action and milestones to include compensating controls until the plans of action and milestones has been closed. |