The United States African Development Foundation’s Information Security Program Needs Improvements To Comply With FISMA
Recommendations
The United States African Development Foundation's chief information security officer document and implement a process for assessing risk in internal and cloud service provider's systems (taking into account all known vulnerabilities and threat sources, security controls planned or in place, and residual risk) to make the authorizing official for each system aware of its security state.
The United States African Development Foundation's chief information security officer document and implement a process to update all known security weaknesses and associated corrective plans quarterly as required by the foundation's policy and include them in the plan of action and milestones.
The United States African Development Foundation's chief information security officer document and implement a process to develop, communicate, and implement an organization-wide risk management strategy associated with the operation and use of the foundation's information systems in accordance with National Institute of Standards and Technology standards.
The United States African Development Foundation's chief information security officer document and implement a process to review and maintain an up-to-date information system inventory.
The United States African Development Foundation's chief information security officer document and implement a process to develop, document, and implement an enterprise architecture in accordance with National Institute of Standards and Technology standards.
The United States African Development Foundation's chief information security officer document and implement a process to perform quarterly scans of all Internet protocol ranges in the network.