Recommendation
1
We recommend that IAF's chief information officer improve its record keeping process to maintain records of the first day its users access agency systems.
Questioned Cost
0
Funds for Better Use
0
Recommendation
2
We recommend that IAF's chief information officer develop and implement procedures for compensating controls in lieu of multifactor authentication for systems that the agency plans to decommission.
Questioned Cost
0
Funds for Better Use
0
Recommendation
3
We recommend that IAF's chief information officer implement level 2 event logging requirements in accordance with Office of Management and Budget memorandum M-21-31.
Questioned Cost
0
Funds for Better Use
0