Review of the Peace Corps' Information Security Program for FY 2022
RecommendationsDisclaimer: Open/Closed recommendations are updated semiannually.
We recommend that the Director develop a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.
We recommend that the Director appoint the chief information security officer to serve on the Enterprise Risk Management Council as a voting member.
We recommend that the Director further define and implement the Enterprise Risk Management program to ensure information security risks are communicated and monitored at the system, business process, and entity levels.
We recommend that the Chief Information Officer perform a full security assessment of the General Support System to obtain a complete understanding of system weaknesses.
We recommend that the Chief Information Officer consistently improve and implement its inventory management process to ensure information system, hardware, and software inventories are accurate, complete, and up-to-date.