Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
ISD-IN-MOA-0004-2014-I-04 | No | $0 | $0 | ||
We recommend that DOI's Chief Information Officer incorporate and enforce the following items into its newly evolving vulnerability management program- a. enterprise-level monitoring and reporting of all devices and software packages; b. enterprise-level enforcement of consistent assessment, detection, prioritization and remediation techniques; c. required elevated account credential usage for testing; d. enterprise-level monitoring and bureau accountability for patch deployment; and e. enterprise-level quarantining for critically vulnerable systems that are not patched in a pre-defined timeframe. |