Text of Recommendation | FHFA-OIG's Chief Information Officer should identify and implement solutions, in coordination with vendors and engineering team, to encrypt logs in transit between the source system and SIEM tool. If there are no viable solutions, perform a risk assessment and cost benefit analysis. Based the risk assessment, document any risk-based decisions, including compensating controls, for systems not in compliance with OMB M-21-31.
|
---|---|
Recommendation Number | AUD-2023-004-8 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |