(a) Ensure that OIT monitors and promptly installs patches and antivirus updates across the enterprise when they are available from the vendor. Enhancements should include: Pending since FY 2017.
(b) Implement a process to track patching of network devices and servers by the defined risk-based patch timelines in CNCS policy.
(c) Monitor and record actions taken by the contractor to ensure vulnerability remediation for network devices and servers is addressed or the exposure to unpatchable vulnerabilities is minimized.
(d) Replacement of information system components when support for the components is no longer available from the developer, vendor or manufacturer.
(e) Enhance the inventory process to ensure all devices are properly identified and monitored.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
OIG-EV-20-03-1
Recommendation Number
1
Significant Recommendation
No