Audit of the Overseas Private Investment Corporation's Fiscal Year 2014 Compliance with the Federal Information Security Management Act of 2002
Recommendations
The Overseas Private Investment Corporation Chief Information Officer implement account recertification procedures to conduct periodic, as defined by the Corporation, reviews of OPICNet group memberships to verify that appropriate access privileges have been assigned and document the results.
The Overseas Private Investment Corporation Chief Information Officer implement account recertification procedures for verifying actions taken after reviews of inactive accounts and document the results.
The Overseas Private Investment Corporation Chief Information Officer implement approved configuration baselines for the following software platforms used by OPICNet and document the results: Windows Server (all versions); Microsoft SQL Server (all versions); Oracle 9; Microsoft Internet Information Server.
The Overseas Private Investment Corporation Chief Information Officer conduct configuration baseline monitoring over the following software platforms in accordance with organizational policies and procedures and document the results: Windows Server (all versions); Microsoft SQL Server (all versions); Oracle 9; Microsoft Internet Information Server.
The Overseas Private Investment Corporation Chief Information Officer document and implement a process to monitor OPICNet password configuration settings for compliance with the Corporation's policy.
The Overseas Private Investment Corporation Chief Information Officer implement its Risk Management Committee Charter to support its risk management strategy and document the results.
The Overseas Private Investment Corporation Chief Information Officer implement a system to confirm that corrective actions have been fully and effectively completed prior to closing audit recommendations and document the results.