Conduct a comprehensive review of IAF's software and hardware inventories and update them to ensure that they are accurate and complete.
IAF's Chief Information Security Officer update IAF's procedures to include all elements for tracking the Agency's software and hardware assets. At a minimum these elements should include device type, location, and software license information.
IAF's Chief Information Security Officer conduct a security controls assessment for the two systems identified.
IAF's Chief Information Security Officer develop and implement procedures to hold system owners accountable for conducting security controls assessments and completing system security plans, and document which security controls are assessed and when.
IAF's Chief Information Security Officer update security plans for the two systems identified to include all required components as outlined in NIST Special Publication 800-53.
IAF's Chief Information Security Officer document the controls IAF is responsible for implementing for the external system identified and develop and implement a security plan for the system.