Review of the Peace Corps' Information Security Program for FY 2023
RecommendationsDisclaimer: Open/Closed recommendations are updated semiannually.
The Peace Corps develops a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.
The Peace Corps include the CISO at the ERM Council meetings to provide insights on cybersecurity risks.
The Peace Corps further define and implement the ERM program to ensure information security risks are communicated and monitored at the system, business process, and entity levels.
The Peace Corps improve its incident response process to ensure incidents are properly defined, promptly identified, and effectively remediated.
The Peace Corps consistently improve and implement its inventory management process to ensure information system, hardware, and software inventories are accurate, complete, and up to date.