Date Issued
Report Number
2023-25-017
Report Type
Audit
Special Emphasis
Taxpayer First Act (TFA)
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
Disable all software on the unauthorized list and add them to the blocked list until the user can demonstrate a business need and has obtained approval for software use in accordance with requirements.
Update the Application Control Solution Standard Operating Procedures to reflect the deny-all, permit-by-exception policy for the use of software on information systems in alignment with requirements.
The CIO should develop performance metrics to assess the ACS team’s effectiveness in managing unauthorized software.