Develop, formalize (through the CPSC’s D-100 process), and implement processes to ensure all personnel are assigned risk designations and appropriately screened prior to being granted access to agency systems. Prior to formalizing the existing risk designation procedures, these procedures should be enhanced to include the following requirements: performance of periodic reviews of risk designations at least annually; explicit position screening criteria for information security role appointments; and a description of how cybersecurity is integrated into human resources practices (prior year recommendation).
Date Issued
Oversight.gov UUID
382e24ab-c7cf-4087-bdc0-b481f44b6e13
Status
Closed
Recommendation Number
24
Sync
No
Questioned Costs
0
Significant Recommendation
On