Audit of the Millennium Challenge Corporation's Fiscal Year 2014 Compliance with the Federal Information Security Management Act of 2002

Recommendation
1

We recommend that the Millennium Challenge Corporation's Chief Information Officer remediate, as appropriate, vulnerabilities on the network identified by the Office of Inspector General's contractor and document the results or document acceptance of the risks of those vulnerabilities.

Questioned Cost
0
Close Date
Recommendation
2

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process to conduct periodic, as defined by the Corporation, reviews of MCCNet users to verify that appropriate access privileges have been assigned.

Questioned Cost
0
Close Date
Recommendation
3

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement an updated service account review process that includes follow-up and verification of actions taken after the reviews.

Questioned Cost
0
Close Date
Recommendation
4

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement a process for confirming that contractor systems are continuously monitored and assessed in accordance with the Corporation's policies.

Questioned Cost
0
Close Date
Recommendation
5

We recommend that the Millennium Challenge Corporation's Chief Information Officer update the Corporation's Information Systems Security Policy to include requirements in National Institute of Standards and Technology Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.

Questioned Cost
0
Close Date
Recommendation
6

We recommend that the Millennium Challenge Corporation's Chief Information Officer complete and implement Post Phase 2 (enterprise architecture use and maintenance) of the Corporation's plan to establish its enterprise architecture program.

Questioned Cost
0
Close Date
Recommendation
7

We recommend that the Millennium Challenge Corporation's Chief Information Officer update the MCCNet System Security Plan to document the system's security controls.

Questioned Cost
0
Close Date