Audit of USAID's Fiscal Year 2013 Compliance with the Federal Information Security Management Act of 2002
Recommendations
The Chief Financial Officer complete a recertification of all Electronic Cash Reconciliation Tool user accounts on a periodic basis in accordance with National Institute of Standards and Technology and USAID requirements to make sure that continued access remains appropriate and the level of access granted is commensurate with the individual's responsibilities.
The Chief Financial Officer implement documented procedures to disable Electronic Cash Reconciliation Tool user accounts that have never logged on or have not logged on within the specified time frame in accordance with National Institute of Standards and Technology and USAID requirements.
The Chief Financial Officer implement documented procedures to remove Electronic Cash Reconciliation Tool accounts associated with individuals no longer supporting USAID in a timely manner.
The Chief Financial Officer implement documented procedures to audit Electronic Cash Reconciliation Tool account creations and removals.
The Director, Office of Acquisition and Assistance, update the Global Acquisition and Assistance System security plan to document all National Institute of Standards and Technology Special Publication 800-53 revision 3 control descriptions and their implementation statements.
The Director, Office of Acquisition and Assistance, implement documented procedures to make sure all inactive Global Acquisition and Assistance System user accounts are identified and disabled or deleted if determined not needed.
The Director, Office of Acquisition and Assistance, implement documented procedures for reviewing all Global Acquisition and Assistance System audit logs in accordance with USAID policy.
The Director, Office of Acquisition and Assistance, implement documented procedures to test the Global Acquisition and Assistance System contingency plan annually in compliance with USAID policy.
The Chief Financial Officer document memorandums of understanding and/or service-level agreements with all agencies and organizations storing or processing Phoenix data, including but not limited to:
a. Department of Health and Human Services;
b. Carlson Wagonlit Travel;
c. Department of Treasury;
d. Department of State.