Independent Evaluation of the DNFSB’S Implementation of the Federal Information Security Modernization Act of 2014 for FY 2021
Report Information
Recommendations
Define the qualitative and quantitative performance measures that will be used to assess the effectiveness of its ISCM program.
Define handling procedures for specific types of incidents, processes and supporting technologies for detecting and analyzing incidents, including the types of precursors and indicators and how they are generated and reviewed for prioritizing incidents.
Consistently test the incident response plan annually.
Update the Agency’s incident response plan to reflect the USCERT incident reporting guidelines.
Allocate and train staff with significant incident response responsibilities.