U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2024 Federal Information Security Modernization Act

We recommend Departmental Administration Information Technology Office management enforce multi-factor authentication, or the equivalent thereof, to the application.

We recommend (REDACTED) management implement a system of quality control to ensure the timely completion of quarterly privileged user access reviews in accordance with USDA Departmental Regulation 3505-003.

We recommend that Departmental Administration Information Technology Office management develop, document, and implement a control to monitor the assigned organization security coordinators complete privileged user access reviews in a timely manner.

We recommend Departmental Administration Information Technology Office management configure the system to generate user listings with the required data elements (e.g., first name, last name, account creation date, and roles or privileges) to support its system of internal controls and operational needs.

We recommend Departmental Administration Information Technology Office management provide training to personnel supporting the application on system administration including their responsibilities in supporting access controls, audits, and assessments.