MCC Implemented Controls in Support of FISMA for Fiscal Year 2017 but Improvements Are Needed

Recommendation
1

Document and implement written procedures for account management that include:
- Completing, approving, and maintaining access request forms.
- Periodically recertifying users' access rights.

Questioned Cost
0
Close Date
Recommendation
2

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement procedures for approving access for global administrator accounts.

Questioned Cost
0
Close Date
Recommendation
3

We recommend that the Millennium Challenge Corporation's Chief Information Officer perform a documented review of current procedures to identify any missing controls required by National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Based on that review, update the documented procedures to address any missing controls.

Questioned Cost
0
Close Date
Recommendation
4

We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement mobile device policies and procedures that address all applicable mobile device controls as required by the MCC Information System Security Policy.

Questioned Cost
0
Close Date
Recommendation
5

We recommend that the Millennium Challenge Corporation's Chief Information Officer implement written procedures to conduct and maintain security impact analyses before approving change requests.

Questioned Cost
0
Close Date