U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2021 Federal Information Security Modernization Act

Report Information

Date Issued:
Report Number: 50503-0005-12
Report Type: Audit
Component: USDA - Multi Agency
Description: As required by FISMA, OIG reviewed USDA’s ongoing efforts to improve its information technology security program and practices during FY 2021.
Joint Report: No
Agency Wide: No (location specific)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

We recommend the Department develop the processes for documenting and implementing lessons learned to instruct its employees to record, analyze, and revise control activities on a cyclical basis to improve the Department’s security posture.

We recommend the Department patch its critical, high, moderate, and low vulnerabilities on the IT devices connected to the internal network based on the specified timeframe mentioned in DR 3530-006 Scanning and Remediation of Configuration and Patch Vulnerabilities.

We recommend the Department develop and implement a process to ensure the most current PIAs and SORNs are available to the public. Additionally, the mission areas should review the PIAs, PTAs, and SORNs annually.

We recommend the Department approve the PII Breach Notification and Incident Response Plan and perform table-top exercises annually.

We recommend the Department develop and administer role-based privacy training to personnel responsible for PII or activities involving PII.