USADF Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2018

Recommendations

Recommendation 1

United States African Development Foundation's chief information security officer fully develop and document a risk management strategy for information technology operations that requires the Foundation to identify: (i) risk assumptions; (ii) risk constraints (iii) risk tolerance; and (iv) priorities and trade-offs. 

Questioned Cost:
$0
Recommendation 2

United States African Development Foundation's chief information security officer update the Foundation’s access control policies and procedures to include the use of personal identity verification credentials and how the credentials are enforced for logical access to USADF’s information technology resources.

Questioned Cost:
$0
Recommendation 3

United States African Development Foundation's chief information security officer update the Foundation’s continuous monitoring policies and procedures to include how its chief Information officer, information technology systems administrator, and security analyst gather, document, assess, and remediate information system vulnerabilities, threats, and risks in a timely manner and then implement the procedures.

Questioned Cost:
$0