We recommend that USAID's Chief of Travel and Transportation review the list of 33 separated users whose accounts in the End-to-End Travel system that have no record of being disabled and, if they are not needed, disable them.
We recommend that USAID's Chief of Travel and Transportation determine the activities of 11 separated users who logged into the End-to-End Travel system after their termination dates and take appropriate action.
We recommend that the Chief Information Officer revise Agency information systems security policies to eliminate conflicting language for the timeframe to disable accounts for separated employees.
We recommend that USAID's Chief of Travel and Transportation designate an Information System Security Officer to perform security functions for the End-to-End Travel system in accordance with USAID policy.
We recommend that USAID's Chief of Travel and Transportation revise the system security plan to require account managers for the End-to-End Travel system to be notified about personnel separations in a timely manner and receive sufficient time to disable system access within 24 hours, rather than 3 days, of a user's separation.