Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | Yes | $0 | $0 |
We recommend that GSA’s Chief Financial Officer and Chief Information Officer conduct a comprehensive assessment of GSA’s CIO-IT Security-19-97, IT Security Procedural Guide: Robotic Process Automation (RPA) Security, (RPA policy) to ensure, among other things, that its monitoring controls are effectively designed and implemented. | | | |
2 | Yes | $0 | $0 |
We recommend that GSA’s Chief Financial Officer and Chief Information Officer develop oversight mechanisms to enforce compliance with the RPA policy and ensure that controls are operating effectively. | | | |
4 | Yes | $0 | $0 |
We recommend that GSA’s Chief Financial Officer and Chief Information Officer review all system security plans that bots currently interact with to determine if they address bot and non-person entity access. Update the system security plans, as needed. | | | |
6 | Yes | $0 | $0 |
We recommend that GSA’s Chief Financial Officer and Chief Information Officer review all system security plans that bots currently interact with to determine if the security controls need to be updated. Update the system security plans, as needed. | | | |
7 | Yes | $0 | $0 |
We recommend that GSA’s Chief Financial Officer and Chief Information Officer develop a comprehensive process for removing bot custodian and bot developer access for decommissioned bots and GSA systems that: aligns with GSA’s CIO-IT Security-01-07, IT Security Procedural Guide: Access Control (AC) (access control policy); tracks and documents that access has been removed; and incorporates the process into the RPA policy. | | | |