MCC Generally Implemented an Effective Information Security Program for Fiscal Year 2018 in Support of FISMA

Recommendations

Recommendation 1

MCC's chief risk officer develop and implement its enterprise risk management program to include a strategy to manage risks associated with the operations and use of information systems.

Questioned Cost:
$0
Recommendation 2

MCC's chief information officer update the privacy threshold analysis for the MCC management information system with the revised template to determine whether a privacy impact assessment is required.

Questioned Cost:
$0
Recommendation 3

MCC's Domestic and International Security Office update MCC's "Background Investigation and Clearances for Federal
Employment, Contract Service and/or Volunteer Service at the Millennium Challenge Corporation" policy to reflect the current personnel security controls.

Questioned Cost:
$0
Recommendation 4

MCC's Domestic and International Security Office document and implement a process to review the data within the Background Investigation Access Database to validate whether the data are complete, accurate, and kept up-to-date.

Recommendation 5

MCC's Domestic and International Security Office document and implement a process to track reinvestigations of employees and contractors and initiate reinvestigations in a timely manner.