Independent Evaluation of the DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021
Recommendations
Continue efforts to develop and implement role-based privacy training for users with significant privacy or data protection related duties.
Formally document requirements and procedures for the completion of role-based training and enforcement methods in place for individuals who do not complete role-based training.
Continue current efforts to refine existing monitoring and assessment procedures to more effectively support ongoing authorization of the DNFSB system.
Update the DNFSB ISCM policies and procedures clearly defining what needs to be monitored at the system and organization level.
Define standard operating procedures for the use of the agency’s continuous monitoring tools or update the continuous monitoring plan to include the use of new monitoring tools.