Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | Recommendation
---|---|---|---|---|---
2025-02-01 | No | $0 | $0 | | PBGC should implement an enterprise-wide approach to prevent counterfeit components from entering its supply chain and establish performance measures to gauge the effectiveness of its anti-counterfeit policies and procedures. Additionally, PBGC should provide comprehensive anti-counterfeit training for its personnel.
2025-02-02 | No | $0 | $0 | | PBGC should manage Active Directory certificate template settings effectively by hardening and auditing existing templates in the environment. Privileges should also be assessed for all templates to prevent unauthorized changes to the configuration settings.
2025-02-03 | No | $0 | $0 | | PBGC should establish robust network segmentation and configure firewalls with default rules to ensure the guest wireless network is effectively isolated from internal resources.
2025-02-04 | No | $0 | $0 | | PBGC should establish a comprehensive system for monitoring, analyzing, and reporting on quantitative performance measures to evaluate the effectiveness of its Data Breach Response policies and procedures.
2025-02-05 | No | $0 | $0 | | PBGC should implement an effective specialized security training program that includes steps to identify and prevent phone-based social engineering for all employees.
2025-02-06 | No | $0 | $0 | | PBGC should strengthen its controls around verifying the identity of PBGC personnel prior to temporarily disabling their requirement for MFA for remote access should a user purportedly have a malfunctioning PIV card or other MFA token.