Audit of USAID's Use of System Administrator Roles

Recommendation
1

USAID Chief Information Officer modify the AIDNet system security plan so that it is consistent with the requirements of Automated Directives System 545 for user lockout.

Questioned Cost
0
Close Date
Recommendation
2

The Director of Acquisition and Assistance reconfigure GLAAS to automatically lock all GLAAS user accounts after the designated number of unsuccessful logon attempts as defined in Automated Directives System 545, "Information System Security."

Questioned Cost
0
Close Date
Recommendation
3

The Director of Acquisition and Assistance modify the GLAAS configurations manual so it is consistent with the requirements of Automated Directives System 545, particularly for user lockout.

Questioned Cost
0
Close Date
Recommendation
4

The Director of Acquisition and Assistance provide training to system administrators on Automated Directives System 545, "Information System Security," to include understanding the risks of allowing more than the designated number of unsuccessful logon attempts.

Questioned Cost
0
Close Date
Recommendation
5

The Chief Financial Officer, with the assistance of the responsible Phoenix system administrators, create and document a system administration manual for managing the roles, rights, and privileges of Phoenix system users.

Questioned Cost
0
Close Date