Recommendation
2
We recommend that IAF's chief information officer update the agency's system security plan to include controls in National Institute of Standards and Technology Special Publication 800-53, Revision 5, "Security and Privacy Controls for Information Systems and Organizations."
Questioned Cost
0
Funds for Better Use
0
Recommendation
1
We recommend that IAF's chief information officer develop and implement a plan, including tools and other resources, to remediate critical and high vulnerabilities within the timeframes specified in the agency's "Information System Security Program Standard Operating Procedures" (February 2022).
Questioned Cost
0
Funds for Better Use
0