Audit of the Overseas Private Investment Corporation's Compliance with the Federal Information Security Management Act of 2002, as Amended for Fiscal Year 2015

Recommendations

Recommendation 1

The Overseas Private Investment Corporation's Chief Information Officer implement a documented process for periodically reviewing service accounts to determine whether accounts are necessary, and disable accounts no longer required.

Questioned Cost: 0
Close Date

Recommendation 2

The Overseas Private Investment Corporation's Chief Information Security Officer implement a documented process for verifying that all personnel receive security and privacy training annually, and document the results.

Questioned Cost: 0
Close Date

Recommendation 3

The Overseas Private Investment Corporation's Chief Information Security Officer develop and implement documented, role-based information technology and security training for personnel.

Questioned Cost: 0
Close Date

Recommendation 4

The Overseas Private Investment Corporation's Chief Information Officer obtain and implement a memorandum of understanding for its Oracle E-Business Suite System.

Questioned Cost: 0
Close Date

Recommendation 5

The Overseas Private Investment Corporation's Chief Information Officer obtain and implement a documented interconnection security agreement for its Oracle E-Business Suite System.

Questioned Cost: 0
Close Date

Recommendation 6

The Overseas Private Investment Corporation's Chief Information Officer implement multifactor authentication for network user accounts and document the results. If management determines that using such controls is not feasible, document that decision formally and implement mitigating controls.

Questioned Cost: 0
Close Date

Recommendation 7

The Overseas Private Investment Corporation's Chief Information Officer document a risk assessment for OPIC Insight.

Questioned Cost: 0
Close Date

Recommendation 8

The Overseas Private Investment Corporation's Chief Information Officer document a system security plan for OPIC Insight.

Questioned Cost: 0
Close Date

Recommendation 9

The Overseas Private Investment Corporation's Chief Information Officer complete a security control assessment for OPIC Insight and document the results.

Questioned Cost: 0
Close Date

Recommendation 10

The Overseas Private Investment Corporation's Chief Information Officer document OPIC Insight's authorization to operate based on security assessments and acknowledging any operating risks.

Questioned Cost: 0
Close Date