Independent Evaluation of the Board’s Implementation of the Federal Information Security Management Act for Fiscal Year 2014

Report Information

Date Issued
Report Number: DNFSB-15-A-02
Report Type: Inspection / Evaluation
Joint Report: No
Agency Wide: No (location specific)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

Perform an annual security control assessment of the General Support System (GSS). Because the Board has not identified a process for selecting which subset of controls should be tested each year, OIG recommends that, for FY 2015, the following controls be tested at a minimum:
• Any controls that are new or changed in NIST SP 800-53 Revision 4.
• Any security control enhancements not tested during the 2012 security assessment.
• Any controls impacted by changes to the GSS environment since the security assessment conducted in 2012.
• Any controls associated with the closed Plan of Action and Milestones (POA&M) items.

Update the GSS security authorization documentation (e.g., Security Plan, Risk Assessment and the Security Assessment Report) as required.

Reevaluate the risk assigned to the controls impacted by the error in the 2012 GSS risk assessment and update the POA&M as needed.

Update the GSS System Security Plan to document risk.

Develop, document, and implement POA&M management procedures.