USAID's Chief Information Officer Conduct a risk-assessment of the current session-termination setting of seven days versus the eight-hour best practice for the [Agency's] external cloud system, and take the necessary action based on the results of the risk-assessment.
USAID's Chief Information Officer Develop and implement written policies and procedures for Agency-created external cloud-system administrators to clearly define and specify the privileges that should be assigned to each role.
USAID's Chief Information Officer Conduct a risk-assessment for Agency staff using personal devices to access the external cloud system and determine what actions Agency officials need to take to mitigate any identified risks. This includes updating relevant policies to reflect the acceptable use of personal devices consistently as deemed appropriate by management and providing training to staff on those new policies.
USAID's Chief Information Officer Develop and implement policies and procedures to disable network accounts promptly for contractors when the contracted work ends.