Develop, formalize (through the CPSC’s D-100 process), and implement processes to ensure all personnel are assigned risk designations and appropriately screened prior to being granted access to agency systems. Prior to formalizing the existing risk designation procedures, these procedures should be enhanced to include the following requirements:
• Performance of periodic reviews of risk designations, at least annually.
• Explicit position screening criteria for information security role appointments.
• Description of how cybersecurity is integrated into human resources practices.
Date Issued
Oversight.gov UUID
1a618ce8-9909-45ac-bf01-50b10f7dc128
Status
Open
Recommendation Number
18
Sync
No
Questioned Costs
0
Significant Recommendation
Off