Date Issued
Report Number
2023-20-018
Report Type
Audit
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
Ensure that the IRMs are consistent with National Institute of Standards and Technology guidelines for malicious code protection requirements for Linux servers.
Complete the development and testing of an automated malicious code protection application and implement the application on all Linux servers.
Ensure that all ECM servers in the cloud meet malicious code protection requirements.
The Chief Information Officer should ensure that privileged user activity logs are regularly monitored and inactive accounts deactivated in accordance with agency security requirements.