Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
D-2024-0084-D000CP-0001-0001.a | No | $0 | $0 | (U) Rec. 1.a: The DoD OIG recommended that the DoD Chief Information Officer develop, in coordination with the Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition and Sustainment, a DoD-wide Supply Chain Risk Management strategy as required by the National Institute of Standards and Technology guidance.
D-2024-0084-D000CP-0001-0001.b | No | $0 | $0 | (U) Rec. 1.b: The DoD OIG recommended that the DoD Chief Information Officer develop, in coordination with the Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition and Sustainment, policies and procedures implementing the DoD-wide Supply Chain Risk Management strategy as required by the National Institute of Standards and Technology guidance, including organizational-wide tools and techniques that allow DoD Components to consistently and effectively manage risks associated with using external providers.
D-2024-0084-D000CP-0001-0001.c | No | $0 | $0 | (U) Rec. 1.c: The DoD OIG recommended that the DoD Chief Information Officer determine when DoD Components should complete a privacy impact assessment for information systems and ensure that all DoD guidance, including DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance," July 14, 2015, Incorporating Change 1, August 11, 2017, and the DoD Risk Management Framework Knowledge Service guidance, aligns with that determination.
D-2024-0084-D000CP-0001-0001.d | No | $0 | $0 | (U) Rec. 1.d: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, in coordination with the Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to require that officials conduct privacy impact assessments for all non-national security systems and update the Enterprise Mission Assurance Support Service, or its equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.e | No | $0 | $0 | (U) Rec. 1.e: The DoD OIG recommended that the DoD Chief Information Officer implement a process, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, such as periodic Enterprise Mission Assurance Support Service reviews, to ensure that officials complete privacy impact assessments for all non-national security systems and update the Enterprise Mission Assurance Support Service, or its equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.f | No | $0 | $0 | (U) Rec. 1.f: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, in coordination with the Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to conduct business impact analyses for all non-national security systems and update the Enterprise Mission Assurance Support Service, or equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.g | No | $0 | $0 | (U) Rec. 1.g: The DoD OIG recommended that the DoD Chief Information Officer implement a process, in coordination with the Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, such as periodic Enterprise Mission Assurance Support Service reviews, to ensure that DoD officials complete business impact analyses for all non-national security systems and update the Enterprise Mission Assurance Support Service, or its equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.h | No | $0 | $0 | (U) Rec. 1.h: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, in coordination with the Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to conduct information system contingency plan testing, including annual tests, for all non-national security systems and update the Enterprise Mission Assurance Support Service, or its equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.i | No | $0 | $0 | (U) Rec. 1.i: The DoD OIG recommended that the DoD Chief Information Officer implement a process, in coordination with the Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, such as periodic Enterprise Mission Assurance Support Service reviews, to ensure that DoD officials annually test contingency plans for all non-national security systems and update the status of the tests in Enterprise Mission Assurance Support Service, or its equivalent system, as required by DoD guidance.
D-2024-0084-D000CP-0001-0001.k | No | $0 | $0 | (U) Rec. 1.k: The DoD OIG recommended that the DoD Chief Information Officer complete actions, in coordination with the Chief Information Security Officer, to fully incorporate the National Institute of Standards and Technology Special Publication 800-53, "Security and Privacy Controls for Information Systems and Organizations," Revision 5, Updated December 2020, requirements into DoD policies and procedures, such as updating control information outlined in the Risk Management Framework Knowledge Service and the Enterprise Mission Assurance Support Service.
D-2024-0084-D000CP-0001-0001.l | No | $0 | $0 | (U) Rec. 1.l: The DoD OIG recommended that the DoD Chief Information Officer implement a process, in coordination with the Chief Information Security Officer, to incorporate future National Institute of Standards and Technology requirements into DoD policies and procedures for all DoD systems in a timely manner.