U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2018 Federal Information Security Modernization Act
OCIO should design and implement a strategic Department-wide plan to address software that is no longer supported by the vendor.
The Department should develop privacy policies and procedures in accordance with NIST and OMB A-130 requirements. In addition, OCIO and the Chief Privacy Officer should conduct a thorough gap analysis of existing USDA policy, procedures, and guidance, and publish an updated Privacy Act Compliance Departmental Directive that includes current NIST and OMB Privacy Act-related guidance and requirements.
The Department should design and implement the necessary oversight and enforcement mechanisms and controls to ensure all system contingency plans are tested annually and the results of all tests are reviewed annually to ensure corrective actions can be initiated, as necessary.