Independent Evaluation of the DNFSB’s Implementation of the Federal Information Security Modernization Act (FISMA) of 2014 for Fiscal Year 2020
Recommendations
STATUS OF RECOMMENDATIONS: INDEPENDENT EVALUATION OF THE DNFSB’S IMPLEMENTATION OF THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2020
Define an ISA in accordance with the Federal Enterprise Architecture Framework.
Use the fully defined ISA to:
a. Assess enterprise, business process, and information system level risks;
b. Formally define enterprise, business process, and information system level risk tolerance and appetite levels necessary for prioritizing and guiding risk management decisions;
c. Conduct an organization-wide security and privacy risk assessment; and
d. Conduct a supply chain risk assessment.