Departmental Offices (DO) management should define and document the process of monitoring and reviewing the security authorization package and risks and controls identified for the DO System 2 by the service provider, as required by DO Information Technology Security Policy (DO P 910), Department of the Treasury Information Technology Security Program (TD P 85-01), and National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800-53, Rev. 4).
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Closed
Source UUID
59e3b054-9a9d-4f59-8088-171ce5c411bf-3-1
Recommendation Number
3-1
Significant Recommendation
Yes