The United States African Development Foundation’s Information Security Program Needs Improvements To Comply With FISMA

The United States African Development Foundation's chief information security officer document and implement a process to change default usernames and passwords before system installation.

The United States African Development Foundation's chief information security officer document and implement a process to review and analyze all required audit logs in accordance with National Institute of Standards and Technology standards and the foundation's policy.

The United States African Development Foundation's chief information security officer document and implement a process to reevaluate the security categorization of the general support, travel, and
human resources systems in accordance with the Office of Management and Budget and National Institute of Standards and Technology guidance given that the systems contain personally identifiable information.

The United States African Development Foundation's chief information security officer document and implement a process to maintain a current interconnection security agreement and memorandum of understanding between the foundation and the U.S. Department of Interior's Interior Business Center.

The United States African Development Foundation's chief information security officer document and implement a process to provide annual security awareness training to overseas partners.

The United States African Development Foundation's chief information security officer document and implement a process to provide annual role-based training to all personnel with significant information security responsibilities.