The Chief Technology Officer should ensure that the ESAT checklist is amended to include an ESAT office signature block to indicate that the project was evaluated for audit trail requirements prior to exiting Milestone 2 and that the checklist is then provided to the Federal Information Security Management Act (FISMA) Certification Program Office as part of the Security Package. New projects related to legacy systems should not be exempt from this control.