We recommend that USADF's Chief Information Officer remediate the 122 high-risk and 23 critical vulnerabilities identified by USADF's December 2, 2024, scans.
We recommend that USADF's Chief Information Officer evaluate its vulnerability remediation process to determine why high and critical vulnerabilities were not addressed within required time frames and implement corrective actions as appropriate.
We recommend that USADF's Chief Information Officer finalize the enterprise risk management plan to define roles, responsibilities, and authority for cybersecurity risk management.
We recommend that USADF's Chief Information Officer determine why the enterprise risk management plan was not finalized and implement corrective action as appropriate.
We recommend that USADF's Chief Information Officer determine whether USADF updated its cybersecurity training strategy and plans to incorporate the results of the workforce assessments and, if not, update and implement the strategy and plan.