As required by the Federal Information Security Modernization Act, OIG reviewed USDA's ongoing efforts to improve its information technology security program and practices during Fiscal Year 2023.
U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2023 Federal Information Security Modernization Act
OCIO management should improve internal processes so that internal ATO reviews are completed on time, prior to the existing ATOs expiring.
OCIO management should improve oversight over contractors and enforce the timely completion of ATOs, in accordance with USDA policy.
OCIO management should update existing policy and procedures to define the conditions under which temporary reauthorization decisions may be granted (i.e., systems scheduled for retirement and disposal).
Rural Development management should improve system owner and support staff communications with OCIO regarding system retirements and disposals to ensure their information systems remain authorized until system disposal is completed.
OCIO management should design and implement a quality control process to validate that designated management are incorporating and complying with the requirements of DR 3505-003.