Independent Evaluation of the DNFSB’S Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021
Report Information
Recommendations
Integrate the Configuration management plan with risk management and continuous monitoring programs and utilize lessons learned to make improvements to this plan.
Implement automated mechanisms (e.g., machine-based, or user-based enforcement) to support the management of privileged accounts, including for the automatic removal/disabling of temporary, emergency, and inactive accounts, as appropriate.
Continue efforts to implement data loss prevention functionality for the Microsoft Office 365 environment.
Update agency strategic planning documents to include clear milestones for implementing strong authentication, the Federal ICAM architecture and OMB M-19-17, and phase 2 of DHS's Continuous Diagnostics and Mitigation (CDM) program.
Conduct the agency’s annual breach response plan exercise for FY 2021.