Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 1-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should update the PAM Access Management standard operating procedure to include procedures for modifying users' access to the PAM database. | |||||
| 2-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should ensure Fiscal Service personnel adhere to Treasury policy and follow Fiscal Service onboarding procedures to ensure all users sign a Rules of Behavior form before granting them access to Fiscal Service's systems and infrastructure. | |||||
| 3-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should evaluate the existing configuration of the DLP solutions to determine whether additional security controls are necessary to mitigate the risk of unsecured external transmission of low-risk PII and implement any additional identified security controls. | |||||
| 3-2 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should update Fiscal Service's Email and Instant-Messaging Policy to provide clarity on when low-risk PII constitutes Controlled Unclassified Information and disseminate the updated policy to all applicable Fiscal Service personnel. | |||||
| 4-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should implement a control to ensure all eligible Treasury Disbursing Offices payments disbursed through ITS.gov are matched against the TOP database. | |||||
| 5-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should implement a control for ITS.gov payments to ensure that a NonTreasury Disbursing Office cannot enter duplicate payment schedule numbers into ITS.gov within the same fiscal year. | |||||
| 6-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should implement a control to reject any payments with clearly invalid TINs and make the agencies resubmit the payments with valid TINs. | |||||
| 6-2 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should issue guidance to agencies explaining the importance of inputting TINs accurately, and include in the guidance a requirement that agencies notify Fiscal Service of the need to use clearly invalid TINs. | |||||
| 7-1 | Yes | $0 | $0 | ||
| The Acting Commissioner of Fiscal Service should implement a supervisory control to ensure Fiscal Service personnel adhere to policy and validate only complete payment authority delegation and designation forms. | |||||