Independent Evaluation of DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 For Fiscal Year 2019
Report Information
Recommendations
Management should reinforce requirements for performing DNFSB’s change control procedures in accordance with the agency’s Configuration Management Plan by defining consequences for not following these procedures and conducting remedial training as necessary.
Implement procedures and define roles for reviewing configuration change activities to the DNFSB information system production environment by those with privileged access to verify the activity was approved by the system CCB and executed appropriately.
Complete and document a risk-based justification for not implementing an automated solution (e.g. Splunk) to help maintain an up-to-date, complete, accurate, and readily available view of the security configurations for all information system components connected to the organization’s network.
Continue efforts to meet milestones of the DNFSB ICAM Strategy necessary for fully transitioning to DNFSB’s “to-be” ICAM architecture.
Complete current efforts to refine existing monitoring and assessment procedures to more effectively support ongoing authorization of the DNFSB system.