Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
D-2025-0086-D000CP-0001-0001.1a | No | $0 | $0 | ||
(U) Rec. 1.a: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to identify all critical and non-critical software on the DoD Information Network that is subject to Office of Management and Budget-required self-attestation requirements. | |||||
D-2025-0086-D000CP-0001-0001.1b | No | $0 | $0 | ||
(U) Rec. 1.b: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to obtain Office of Management and Budget-required self-attestations from software providers or implement an Office of Management and Budget?approved alternative solution for all identified third-party software on the DoD Information Network. | |||||
D-2025-0086-D000CP-0001-0001.1c | No | $0 | $0 | ||
(U) Rec. 1.c: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to establish a plan of action and milestones to obtain all remaining Office of Management and Budget-required third-party provider self-attestations and request an extension from the Office of Management and Budget deadline. | |||||
D-2025-0086-D000CP-0001-0001.1d | No | $0 | $0 | ||
(U) Rec. 1.d: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to implement a process, such as periodic reviews of the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are accurately reporting the system authorization status for non?national security systems in accordance with DoD guidance. | |||||
D-2025-0086-D000CP-0001-0001.1e | No | $0 | $0 | ||
(U) Rec. 1.e: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to update the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that it captures compliance information for all controls associated with Inspector General Federal Information Security Modernization Act of 2014 reporting metrics for their non-national security systems. | |||||
D-2025-0086-D000CP-0001-0001.1f | No | $0 | $0 | ||
(U) Rec. 1.f: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to develop and implement a process, such as periodic reviews of the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials implemented the necessary National Institute of Standards and Technology information system controls and accurately reported the status for all non-national security systems. | |||||
D-2025-0086-D000CP-0001-0001.1g | No | $0 | $0 | ||
(U) Rec. 1.g: The DoD OIG recommended that the DoD Chief Information Officer direct DoD Components, including the Coast Guard, in coordination with the DoD Component Chief Information Security Officers, Chief Information Officers, and Authorizing Officials, to require officials to develop a plan of action and milestones for non-national security systems that have not implemented all Inspector General Federal Information Security Modernization Act of 2014 reporting metrics-related controls or those systems with a low implementation percentage (for example, below 75 percent), and track the completion of the plans until such controls are implemented or have elevated to an acceptable level and are reported in the Enterprise Mission Assurance Support Service, or an equivalent system. | |||||
D-2025-0086-D000CP-0001-0002 | No | $0 | $0 | ||
(U) Rec. 2: The DoD OIG recommended that the DoD Chief Information Officer direct the Army Chief Information Officer, in coordination with their Chief Information Security Officer and Authorizing Officials, to review the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are correctly reporting the system authorization status for their non-national security systems and update the status for any miscategorized systems. | |||||
D-2025-0086-D000CP-0001-0003 | No | $0 | $0 | ||
(U) Rec. 3: The DoD OIG recommended that the DoD Chief Information Officer direct the Navy Chief Information Officer, in coordination with their Chief Information Security Officer and Authorizing Officials, to review the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are correctly reporting the system authorization status for their non-national security systems and update the status for any miscategorized systems. | |||||
D-2025-0086-D000CP-0001-0004 | No | $0 | $0 | ||
(U) Rec. 4: The DoD OIG recommended that the DoD Chief Information Officer direct the Air Force Chief Information Officer, in coordination with their Chief Information Security Officer and Authorizing Officials, to review the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are correctly reporting the system authorization status for their non-national security systems and update the status for any miscategorized systems. | |||||
D-2025-0086-D000CP-0001-0005 | No | $0 | $0 | ||
(U) Rec. 5: The DoD OIG recommended that the DoD Chief Information Officer direct the Coast Guard Chief Information Officer, in coordination with their Chief Information Security Officer and Authorizing Officials, to review the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are correctly reporting the system authorization status for their non-national security systems and update the status for any miscategorized systems. | |||||
D-2025-0086-D000CP-0001-0006 | No | $0 | $0 | ||
(U) Rec. 6: The DoD OIG recommended that the DoD Chief Information Officer direct the Defense Security Cooperation Agency Chief Information Officer, in coordination with their Chief Information Security Officer and Authorizing Officials, to review the Enterprise Mission Assurance Support Service, or an equivalent system, to ensure that officials are correctly reporting the system authorization status for their non-national security systems and update the status for any miscategorized systems. |