We found that weaknesses in DOI’s cyber risk management and governance could cause mission disruptions, compromised data, and misuse of public funds.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
2022-ITA-025-01 | Yes | $0 | $0 |
We recommend that the Office of the Chief Information Officer extend the capability of its data loss prevention solution to include rule-based analysis to detect and prevent the exfiltration of sensitive data from the subject system in accordance with industry best practices. | | | |
2022-ITA-025-02 | Yes | $0 | $0 |
We recommend that the Office of the Chief Information Officer regularly test the Department's data loss prevention capability to ensure that sensitive data in the subject system is protected against data exfiltration attempts. | | | |
2022-ITA-025-03 | No | $0 | $0 |
We recommend that the Office of the Chief Information Officer evaluate data communication protocols in use by the subject system that are vulnerable to exploitation and implement controls to mitigate identified vulnerabilities. | | | |
2022-ITA-025-10 | No | $0 | $0 |
We recommend that the Office of the Chief Information Officer ensure all existing non-Foundation Cloud Hosting Services contracts are migrated to an approved enterprisewide cloud-hosting procurement or modified to incorporate OCIO requirements and best practices for procuring cloud services, as recommended by the Chief Acquisition Officer and Chief Information Officer Councils and OCIO policy. | | | |