The Enterprise Case Management System Did Not Consistently Meet Cloud Security Requirements

Ensure that the IRMs are consistent with National Institute of Standards and Technology guidelines for malicious code protection requirements for Linux servers.

Complete the development and testing of an automated malicious code protection application and implement the application on all Linux servers.

Ensure that all ECM servers in the cloud meet malicious code protection requirements.

The Chief Information Officer should ensure that privileged user activity logs are regularly monitored and inactive accounts deactivated in accordance with agency security requirements.