Document and implement written procedures for account management that include: Completing, approving, and maintaining access request forms. Periodically recertifying users' access rights.
We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement procedures for approving access for global administrator accounts.
We recommend that the Millennium Challenge Corporation's Chief Information Officer perform a documented review of current procedures to identify any missing controls required by National Institute of Standards and Technology Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal
Information Systems and Organizations. Based on that review, update the documented
procedures to address any missing controls.
We recommend that the Millennium Challenge Corporation's Chief Information Officer document and implement mobile device policies and procedures that address all applicable mobile device controls as required by the MCC Information System Security Policy.
We recommend that the Millennium Challenge Corporation's Chief Information Officer implement written procedures to conduct and maintain security impact analyses before approving change requests.