Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
1 | No | $0 | $0 | ||
The Office of Information Management and Technology should immediately restrict access to documents containing Privacy Act information, or any other protected or restricted documentation stored on EXIM’s Information Technology (IT) systems, ensuring that only individuals with a need to know have access. | |||||
2 | No | $0 | $0 | ||
The Senior Agency Official for Privacy, in coordination with the Office of General Counsel, should assess within the Office of Management and Budget guidance whether there is a requirement to report the incident, and potential breach, and determine if any of the files were inappropriately accessed by individuals without a need to know. | |||||
3 | No | $0 | $0 | ||
The Chief Information Officer and the Chief Information Security Officer should develop a report regarding the circumstances that led to the incident and the lessons learned that will prevent future incidents and/or improve agency response, as required by EXIM’s Security Incident Handling Policy. | |||||
4 | No | $0 | $0 | ||
The Office of Information Management and Technology should implement any changes or lessons learned identified in the incident report, to include policy changes or updated training that address the production, maintenance, and disposal of non-record copies of official documents. |