U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2020 Federal Information Security Modernization Act
Report Information
Recommendations
We recommend the Department develop a policy and implement the necessary oversight to monitor CSAM for accuracy so that the system provides sufficient support to determine compliance with Federal requirements and for decision making.
We recommend the Department implement a centrally managed software license program that complies with Departmental policy.
We recommend the Department prioritize remediation of outstanding vulnerabilities to address security and control deficiencies by implementing an improved patch or upgrade process to address security deficiencies identified by the independent OIG scans and SIEM.
We recommend the Department remove unsupported software from its network by designing and implementing a strategic Departmentwide plan.
We recommend the Department revise DR 3565-003, Plan of Action and Milestones Policy, to specify a timetable or time constraint for resolving high, medium and low vulnerabilities.