U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2021 Federal Information Security Modernization Act

We recommend the Department 1) retire or supersede IT security policies and procedures on the Department Directives website in a timely manner; and 2) use various communication mediums (e.g., The Federal Chief Information Security Officer Council, Information System Security Manager meetings, etc.) during the policy clearance process to inform employees, contractors, and other stakeholders of required practices and procedures.

We recommend the Department update IT security policies and procedures on its Directives website to include the most current Federal guidance.

We recommend the Department implement an effective patch or upgrade process for mobile devices to address security deficiencies.

We recommend the Department capture mobile devices vulnerabilities in the Department’s reporting system.

We recommend the Department address POA&Ms that are past their due date to ensure identified security weaknesses are remediated in a timely manner.