The Inter-American Foundation Has Implemented Many Controls in Support of FISMA, but Improvements Are Needed
Recommendations
The Inter-American Foundation's chief information officer remediate the network vulnerabilities identified by the Office of Inspector General's contractor and document the results, or document acceptance of the risk posed by those vulnerabilities.
The Inter-American Foundation's chief information officer develop and implement a continuous monitoring plan and program.
The Inter-American Foundation's chief information officer develop and implement monitoring controls of baseline configurations for the Enterprise Network and document the results.
The Inter-American Foundation's chief information officer complete a system risk assessment for the Enterprise Network that takes into account all known vulnerabilities, threat sources, and security controls planned or in place, determine the residual risk, and inform the authorizing official of the security state of the information system.
The Inter-American Foundation's chief information officer obtain a current authorization to operate the Enterprise Network that results from a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones.
The Inter-American Foundation's chief information officer document and implement a process to review and analyze auditable events.
The Inter-American Foundation's chief information officer implement multifactor authentication for all network accounts and document the results.
The Inter-American Foundation's chief information officer update the continuity of operations plan to include a business impact analysis.
The Inter-American Foundation's chief information officer document and implement a process to validate annual testing of the continuity of operations plan.
The Inter-American Foundation's chief information officer develop and implement a written process to validate whether the plan of action and milestones is completed and updated promptly and includes all applicable control weaknesses.
The Inter-American Foundation's chief information officer update and implement the Information System Security Program Standard Operating Procedures to include the privacy controls identified in National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."
The Inter-American Foundation's chief information officer update the organization's Enterprise Network and Software Applications System Security Plan to reflect the current operating environment.
The Inter-American Foundation's chief information officer obtain a written, fully executed Interconnection Security Agreement with the Department of the Interior Business Center.