Skip to main content

(a) Ensure that OIT monitors and promptly installs patches and antivirus updates across the enterprise when they are available from the vendor. Enhancements should include:Pending since FY 2017. (b) Implement a process to track patching of network devices and servers by the defined risk-based patch timelines in CNCS policy. (c) Monitor and record actions taken by the contractor to ensure vulnerability remediation for network devices and servers is addressed or the exposure to unpatchable vulnerabilities is minimized. (d) Replacement of information system components when support for the components is no longer available from the developer, vendor or manufacturer. (e) Enhance the inventory process to ensure all devices are properly identified and monitored.

Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
OIG-EV-20-03-1
Report
FISCAL YEAR 2019 FEDERAL INFORMATION SECURITY MODERNIZATION ACT EVALUATION OF THE CORPORATION FOR NATIONAL AND COMMUNITY SERVICE
Recommendation Number
1
Significant Recommendation
No
Migration Source
http://oversight-d7.lndo.site/node/318946
http://oversight-d7.lndo.site/node/318946/edit
https://www.oversight.gov/node/318946
https://www.oversight.gov/node/318946/edit