| Text of Recommendation | We recommend that OPM document the governance requirements of the CSCC that at a minimum contain the following elements as stated by NIST: a) Assigns responsibilities for oversight of the CSCC; b) Mandates the same assessment and monitoring requirements as system-specific controls in OPM information systems; and c) Requires the communication of assessment results to SOs and ISSOs. |
|---|---|
| Recommendation Number | 1 |
| Recommendation Status | Closed |
| Significant Recommendation | No |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Submitting OIG | |
|---|---|
| Linked Report |