Taxpayer First Act (TFA)
Funds for Better Use
The CIO should coordinate with the Chief Procurement Officer to ensure that the approval process includes a review that the appropriate management official approved the shopping cart prior to the purchase of information technology products.
Provide clarification on the inherently information technology-related work that should not be performed by the information technology staff outside of the IT organization to the heads of the business units to ensure compliance with the CIO’s memorandum.
Develop a control to ensure that the information technology staff outside of the IT organization are not performing inherently information technology-related work in accordance the CIO’s memorandum.
The CIO should establish a process to ensure that oversight of information systems managed by business units outside of the IT organization is documented to support complying with the TFA.
The CIO should ensure that the Network Security Management Standard, Standard Operating Procedures are updated to include the procedures for stakeholders’ defined roles and responsibilities in detecting and overseeing as well as to clarify the CSIRC’s and NMCC’s roles and responsibilities in reviewing unauthorized hardware.