Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
001 | Yes | $0 | $0 | We recommended the CIO: Develop and implement an unambiguous standard operating procedure, utilizing Federal Risk and Authorization Management Program guidance and leading practices, to monitor cloud service providers and escalate non-compliance effectively to the agency Authorizing Official, including defined risk management deficiency triggers.
002 | Yes | $0 | $0 | We recommended the CIO: Develop and implement a validation of the provisioned exemptions to ensure all provisioned exemptions are provisioned appropriately.
003 | Yes | $0 | $0 | We recommended the CIO: Complete in progress efforts to modernize impacted systems and subsequently enable multi-factor authentication.
004 | Yes | $0 | $0 | We recommended the CIO: Enhance the validation process for the quarterly Chief Information Officer FISMA Metrics to ensure all metrics are reported accurately and are in accordance with applicable guidance and standards.
005 | Yes | $0 | $0 | We recommended the CIO: Assign appropriate resources to perform the audit log reviews as required by the system security plan.
006 | Yes | $0 | $0 | We recommended the CIO: Develop, implement, and track privacy-focused, role-based training for employees and contractors with significant privacy responsibilities.
007 | Yes | $0 | $0 | We recommended the CIO: Develop and implement validation controls to ensure users are properly onboarded to LearningLink and assigned required trainings.