USAID Generally Implemented an Effective Information Security Program for Fiscal Year 2020 in Support of FISMA
Recommendations
USAID's Chief Information Officer should implement a process to document and implement mitigating controls for vulnerabilities that cannot be remediated in accordance with the timeframes defined by Agency policy.
USAID's Chief Information Officer should collaborate with the Office of Human Capital and Talent Management to document and implement a process to verify that separated employees' accounts are disabled in a timely manner in accordance with Agency policy.
USAID's Chief Human Capital Officer should implement a process to maintain records electronically for onboarding and offboarding staff.
USAID's Chief Information Officer should implement a process to validate that all privileged personnel receive the required specialized training prior to gaining system access.
USAID's Chief Information Officer should update the mobile device policy to specify the time period within which users must apply security and operating system updates on Agency mobile devices, and implement a process to deny access to Agency enterprise services for mobile devices that have not been updated within the prescribed period.
USAID's Chief Information Officer should develop and implement a process to block unauthorized applications from installing on Agency mobile devices.
USAID's Chief Information Officer should enhance the Agency's tracking process to include early warning indicators when testing of information system contingency plans will not be completed in the timeframes defined by USAID policy, and take corrective action.