Cybersecurity Information Sharing Act of 2015 Review Report
Open Recommendations
Management updates, develops, and publishes general access control and logical access control policies and procedures for all systems that permit access to PII.
Provide training or document training completion by individual system owners on establishing, implementing, and maintaining logical access policies and procedures for systems that contain PII.
The General Access Control Policy and attendant procedures should be updated to include the elements outlined in the report.
Develop, document, and maintain a software inventory including license management policies and procedures.
Comply with and enforce HSPD-12 multifactor authentication supported by the Personal Identity Verification Card.