Management Advisory Report: Cybersecurity Breaches Highlight a Need for Improvement in Peace Corps’ Incident Response (IG-24-01-SR)
Report Information
Recommendations
Disclaimer: Open/Closed recommendations are updated semiannually.Office of the Chief Information Officer ensures that the network monitoring software is configured at the appropriate levels to detect and minimize Peace Corps exposure to future cybersecurity attacks.
Office of the Chief Information Officer implement adequate data logging in compliance with applicable NIST guidance.
Office of the Chief Information Officer establishes an effective incident response plan to respond to cybersecurity incidents timely.
Office of Chief Information Officer implements and updates the agency’s cybersecurity incident response plan to align with Manual Section 899 to include the Office of Inspector General and other required offices in breach notifications.
Office of Chief Information Officer ensures that the United States Computer Emergency Readiness Team and the Cybersecurity and Infrastructure Security Agency receive proper notification when Peace Corps is aware of a potential cybersecurity incident.