We contracted with the independent certified public accounting firm RMA Associates LLC to conduct an audit of the Millennium Challenge Corporation’s (MCC’s) information security program for fiscal year 2021 in support of the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that MCC implemented an effective information security program, which was defined as having an overall mature program based on the fiscal year 2021 inspector general FISMA reporting metrics, but also identified some weaknesses. We made seven recommendations to further strengthen MCC’s information security program.
MCC Implemented an Effective Information Security Program for Fiscal Year 2021 in Support of FISMA
Recommendations
1. We recommend that MCC's Chief Information Officer develop and implement processes to document and implement lessons learned related to risk management, configuration management, and identity and access management.
2. We recommend that MCC's Chief Information Officer develop and document supply chain policies, procedures, and strategies.
3. We recommend that MCC's Chief Information Officer revise and implement MCC's Vulnerability Patch Compliance Policy to align with the timeframes in the Department of Homeland Security's Fiscal Year 2021 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics.
4. We recommend that MCC's Chief Information Officer develop and implement a process to conduct an independent periodic review of MCC's privacy program.
5. We recommend that MCC's Chief Information Officer fully develop and implement a security awareness training strategy.
6. We recommend that MCC's Chief Information Officer document and implement a process to monitor and enforce MCC's procedures for security training.
7. We recommend that MCC's Chief Information Officer document and implement a written process for obtaining and evaluating feedback on MCC's privacy and security training content, including role-based training.