Develop, formalize (through the CPSC’s D-100 process), and implement processes to ensure all personnel are assigned risk designations and appropriately screened prior to being granted access to agency systems. Prior to formalizing the existing risk designation procedures, these procedures should be enhanced to include the following requirements:
• Performance of periodic reviews of risk designations at least annually,
• Explicit position screening criteria for information security role appointments, and
• Description of how cybersecurity is integrated into human resources practices (Identity and Access Management iv).
Date Issued
Oversight.gov UUID
3c5e0865-ac56-4220-84c8-0bf132027bf1
Status
Open
Recommendation Number
23
Sync
No
Questioned Costs
0
Significant Recommendation
On