U.S. Department of Agriculture, Office of Chief Information Officer, Fiscal Year 2022 Federal Information Security Modernization Act
Report Information
Recommendations
Prioritize resources to implement NIST SP 800-53, Rev. 5, security control requirements for the OCIO information security program in accordance with OMB A-130.
Document and implement a process for formally transferring responsibility when there is a change to the designated AO.
Verify that all selected systems and inherited controls that transferred AOs and have not been re-authorized have formally transferred responsibility for the system or inherited controls.
Ensure that privileged user reviews are completed in accordance with DR 3505-003.
Verify controls to ensure that all privileged users are successfully transferred to the identity management system.