Audit of the Overseas Private Investment Corporation's Compliance with the Federal Information Security Management Act of 2002, as Amended for Fiscal Year 2015

Recommendations

Recommendation 1

The Overseas Private Investment Corporation's Chief Information Officer implement a documented process for periodically reviewing service accounts to determine whether accounts are necessary, and disable accounts no longer required.

Questioned Cost:
$0
Close Date:
Recommendation 2

The Overseas Private Investment Corporation's Chief Information Security Officer implement a documented process for verifying that all personnel receive security and privacy training annually, and document the results.

Questioned Cost:
$0
Close Date:
Recommendation 3

The Overseas Private Investment Corporation's Chief Information Security Officer develop and implement documented, role-based information technology and security training for personnel.

Questioned Cost:
$0
Close Date:
Recommendation 4

The Overseas Private Investment Corporation's Chief Information Officer obtain and implement a memorandum of understanding for its Oracle E-Business Suite System.

Questioned Cost:
$0
Close Date:
Recommendation 5

The Overseas Private Investment Corporation's Chief Information Officer obtain and implement a documented interconnection security agreement for its Oracle E-Business Suite System.

Questioned Cost:
$0
Close Date:
Recommendation 6

The Overseas Private Investment Corporation's Chief Information Officer implement multifactor authentication for network user accounts and document the results. If management determines that using such controls is not feasible, document that decision formally and implement mitigating controls.

Questioned Cost:
$0
Close Date:
Recommendation 7

The Overseas Private Investment Corporation's Chief Information Officer document a risk assessment for OPIC Insight.

Questioned Cost:
$0
Close Date:
Recommendation 8

The Overseas Private Investment Corporation's Chief Information Officer document a system security plan for OPIC Insight.

Questioned Cost:
$0
Close Date:
Recommendation 9

The Overseas Private Investment Corporation's Chief Information Officer complete a security control assessment for OPIC Insight and document the results.

Questioned Cost:
$0
Close Date:
Recommendation 10

The Overseas Private Investment Corporation's Chief Information Officer document OPIC Insight's authorization to operate based on security assessments and acknowledging any operating risks.

Questioned Cost:
$0
Close Date: