Provide sufficient specialized training to EAC personnel to enable EAC to develop and maintain a risk-based IT security program that meets FISMA requirements, or hire an official that has experience managing an agency-wide IT security program.