Audit of the Inter-American Foundation's Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014
Recommendations
The Inter-American Foundation's Chief Information Officer remediate, as appropriate, vulnerabilities in the network identified by the Office of Inspector General's contractor and document the results, or document acceptance of the risks of those vulnerabilities.
The Inter-American Foundation's Chief Information Officer develop and implement a documented process to confirm that all devices under the Foundation's control are included in its vulnerability scans.
The Inter-American Foundation's Chief Information Officer document and implement configuration management policies and procedures for the Enterprise Network to confirm that all changes and supporting test results are documented.
The Inter-American Foundation's Chief Information Officer update the privacy impact assessment for the Enterprise Network to reflect the current environment, including that the Foundation collects, maintains, and disseminates personal information in an identifiable form.
The Inter-American Foundation's Chief Information Officer document and implement an incident response plan that requires all security incidents to be reported to the U.S. Computer Emergency Readiness Team.