OPIC's chief information officer document and implement a process to update its Privacy Impact Assessments for the Corporation's information systems.
OPIC's chief information officer remediate patch and configuration vulnerabilities in the network identified by the Office of Inspector General, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.
OPIC's chief information officer document and implement a process to verify (1) the account management system is updated promptly to support the management of information system accounts and (2) inactive accounts are promptly disabled after 30 days in accordance with the Corporation's access control procedures.
OPIC's chief information officer document and implement procedures to record the date that system user accounts are disabled or deleted.
OPIC's chief information officer document and implement a process to verify that interconnection security agreements and memorandums of understanding are annually reviewed and, if needed, updated.
OPIC's chief information officer conduct (1) contingency training and (2) a test of the information system contingency plan in accordance with OPIC's policy.
OPIC's chief information officer document and implement a process to verify that patches are applied in a timely manner.