USAID Has Implemented Controls in Support of FISMA, but Improvements Are Needed

Recommendations

Recommendation 1

The Deputy Administrator develop and implement a plan to ensure the chief information officer position reports directly to the Administrator or Deputy Administrator as required by the Federal Information Technology Acquisition Reform Act of 2014 and the Clinger-Cohen Act of 1996.

Questioned Cost: $0
Close Date:

Recommendation 2

The Deputy Administrator develop a written plan to ensure the chief information officer has a significant role in the management, governance, and oversight of information technology as required by the Federal Information Technology Acquisition Reform Act of 2014.

Questioned Cost: $0
Close Date:

Recommendation 3

The chief information officer implement a plan to segregate the deputy chief information officer and chief information security officer positions and appoint in writing a senior-level chief information security officer in accordance with the Federal Information Security Modernization Act.

Questioned Cost: $0
Close Date:

Recommendation 4

The chief information officer remediate vulnerabilities on the network identified by the Office of Inspector General's contractor, as appropriate, or document acceptance of the risks of those vulnerabilities.

Questioned Cost: $0
Close Date:

Recommendation 5

The chief information officer document and implement a process to track and remediate persistent vulnerabilities promptly, or document acceptance of the risk of those vulnerabilities.

Questioned Cost: $0
Close Date:

Recommendation 6

The chief information officer document and implement a process to ensure vulnerability assessment tools are configured to detect vulnerabilities previously not detected by internal scans.

Questioned Cost: $0
Close Date:

Recommendation 7

The chief information officer document and implement a process to centrally manage printers and apply hardened security configurations prior to placing printers into the production environment.

Questioned Cost: $0
Close Date:

Recommendation 8

The chief information officer document and implement a plan to make sure all internal and external systems have a current authority to operate.

Questioned Cost: $0
Close Date:

Recommendation 9

The chief information officer, in coordination with the chief financial officer, document and implement a procedure to minimize exposure of personally identifiable information in webTA.

Questioned Cost: $0
Close Date:

Recommendation 10

The chief information officer, in coordination with the chief financial officer, document and implement a procedure to complete, approve, and maintain access request forms for webTA users in accordance with policies, or document acceptance of the risk of not having such controls.

Questioned Cost: $0
Close Date:

Recommendation 11

The chief information officer, in coordination with the chief financial officer, document and implement a procedure to review webTA accounts periodically for appropriateness in accordance with policies or document acceptance of the risk of not having such controls.

Questioned Cost: $0
Close Date:

Recommendation 12

The chief information officer develop and implement a written process to validate that the AIDnet plan of action and milestones is completed and updated promptly.

Questioned Cost: $0
Close Date:

Recommendation 13

The director of the Office of Management Policy, Budget, and Performance, in coordination with the chief information officer and the chief human capital officer, document and implement a procedure to promptly remove system accounts associated with people no longer at the Agency.

Questioned Cost: $0
Close Date:

Recommendation 14

The chief information officer, in coordination with the chief human capital officer, document and implement a process to verify that all employees' exit clearance forms are completed and maintained in accordance with policy.

Questioned Cost: $0
Close Date:

Recommendation 15

The chief information officer document and implement a procedure to complete, approve, and maintain access request forms for individuals requiring access to the information technology rooms in the Ronald Reagan Building and Two Potomac Yard locations.

Questioned Cost: $0
Close Date:

Recommendation 16

The chief information officer document and implement a procedure to review individual access periodically and ensure only authorized personnel have access to information technology rooms in the Ronald Reagan Building and Two Potomac Yard locations.

Questioned Cost: $0
Close Date:

Recommendation 17

The chief information officer document and implement a validation process to confirm that all memorandums of understanding and interconnection security agreements are current and approved.

Questioned Cost: $0
Close Date:

Recommendation 18

The chief financial officer document and implement a procedure to review third-party assessment reports to ensure complementary user entity controls have been implemented for the Enterprise Loan Management System.

Questioned Cost: $0
Close Date:

Recommendation 19

The chief financial officer document and implement a procedure to review active Enterprise Loan Management System accounts that have not been used for a specified period and disable them as necessary in accordance with agency policy.

Questioned Cost: $0
Close Date:

Recommendation 20

The chief financial officer document and implement a procedure to periodically review the Department of State vulnerability scan results and remediation actions supporting the Phoenix application.

Questioned Cost: $0
Close Date: