The Inter-American Foundation Has Implemented Many Controls in Support of FISMA, but Improvements Are Needed

Recommendations

Recommendation 1

The Inter-American Foundation's chief information officer remediate vulnerabilities in the network identified by the Office of Inspector General's contractor and document the results or document acceptance of the risks of those vulnerabilities.

Questioned Cost:
$0
Close Date:
Recommendation 2

The Inter-American Foundation's chief information officer develop and implement a continuous monitoring plan and program.

Questioned Cost:
$0
Close Date:
Recommendation 3

The Inter-American Foundation's chief information officer develop and implement monitoring controls of baseline configurations for the Enterprise Network and document the results.

Questioned Cost:
$0
Close Date:
Recommendation 4

The Inter-American Foundation's chief information officer complete a system risk assessment for the Enterprise Network that takes into account all known vulnerabilities, threat sources, and security controls planned or in place, determine the residual risk, and inform the authorizing official of the security state of the information system.

Questioned Cost:
$0
Close Date:
Recommendation 5

The Inter-American Foundation's chief information officer obtain a current authorization to operate the Enterprise Network that results from a completed security controls assessment and updated system security plan, risk assessment, and plan of action and milestones.

Questioned Cost:
$0
Close Date:
Recommendation 6

The Inter-American Foundation's chief information officer document and implement a process to review and analyze auditable events.

Questioned Cost:
$0
Close Date:
Recommendation 7

The Inter-American Foundation's chief information officer implement multifactor authentication for all network accounts and document the results.

Questioned Cost:
$0
Recommendation 8

The Inter-American Foundation's chief information officer update the continuity of operations plan to include a business impact analysis.

Questioned Cost:
$0
Close Date:
Recommendation 9

The Inter-American Foundation's chief information officer document and implement a process to validate annual testing of the continuity of operations plan.

Questioned Cost:
$0
Close Date:
Recommendation 10

The Inter-American Foundation's chief information officer develop and implement a written process to validate whether the plan of action and milestones is completed and updated promptly and includes all applicable control weaknesses.

Questioned Cost:
$0
Close Date:
Recommendation 11

The Inter-American Foundation's chief information officer update and implement the Information System Security Program Standard Operating Procedures to include the privacy controls identified in National Institute of Standards and Technology Special Publication 800-53, Revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations."

Questioned Cost:
$0
Close Date:
Recommendation 12

The Inter-American Foundation's chief information officer update the organization's Enterprise Network and Software Applications System Security Plan to reflect the current operating environment.

Questioned Cost:
$0
Close Date:
Recommendation 13

The Inter-American Foundation chief information officer obtain a written, fully executed Interconnection Security Agreement with the Department of Interior Business Center.

Questioned Cost:
$0
Close Date: