Audit of the Inter-American Foundation's Fiscal Year 2013 Compliance with the Federal Information Security Management Act of 2002

Recommendations

Recommendation
1

The Inter-American Foundation Chief Information Officer remediate vulnerabilities in the network identified by the Office of Inspector General's contractor, as appropriate, and document the results or document acceptance of the risks of those vulnerabilities.

Questioned Cost
0
Close Date
Recommendation
2

The Inter-American Foundation Chief Information Officer establish in writing patch time frame requirements to make sure known vulnerabilities are remediated.

Questioned Cost
0
Close Date
Recommendation
3

The Inter-American Foundation Chief Information Officer implement a written process to review the virtual private network device configuration and to either disable nonessential and insecure services or document acceptance of the risks.

Questioned Cost
0
Close Date
Recommendation
4

The Inter-American Foundation Chief Information Officer document and implement audit and accountability procedures to include monitoring, reviewing, and analyzing event logs on a schedule defined by the organization for indications of inappropriate or unusual activity.

Questioned Cost
0
Close Date
Recommendation
5

The Inter-American Foundation Chief Information Officer document and implement a baseline configuration for the Enterprise Network.

Questioned Cost
0
Close Date
Recommendation
6

The Inter-American Foundation Chief Information Officer either update the foundation's policies, procedures, and network password settings to ensure compliance with the U.S. Government Configuration Baseline standards or document deviations from those standards in the foundation's Information System Security Program and System Security Plan and document acceptance of the risk.

Questioned Cost
0
Close Date
Recommendation
7

The Inter-American Foundation Chief Information Officer document and implement a process to maintain an up-to-date plan of action and milestones and to implement corrective actions in a timely manner.

Questioned Cost
0
Close Date
Recommendation
8

The Inter-American Foundation Chief Information Officer implement a documented process to review and update the Enterprise Network System Security Plan annually or as significant system changes occur to make sure the security requirements and controls for the system are documented adequately and reflect the current operating environment of the information system.

Questioned Cost
0
Close Date