Audit of the DNFSB’s Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2022
Recommendations
Implement a process to ensure a security control assessment for the DNFSB GSS is completed and documented on an annual basis.
Implement a process to validate the DNFSB GSS security authorization is maintained in accordance with DNFSB policy.
Enforce existing DNFSB policy requirements to document security impact analyses, test plans, test results and backout plan requirements for each change.
Complete the implementation and consistent performance of monthly reviews to ensure security impact analyses, test plans, test results and backout plans are documented as required for each change.
Complete the implementation of the configuration management training program and provide periodic refreshers to ensure evidence requirements are captured for change tickets.