Critical Functions in FDIC Contracts
Report Information
Unimplemented Recommendations
Revise the management oversight strategy for the procured Critical Functions performed under the BOAs for Managed Security Services Provider and Security and Privacy Professional Services to ensure that the strategy aligns with best practices.
Identify missing or insufficient controls in the BOAs and task orders for Managed Security Services Provider and Security and Privacy Professional Services, and implement appropriate corrective actions or compensating controls.
Implement periodic reviews for procured Critical Functions, including for the BOAs and task orders for Managed Security Services Provider and Security and Privacy Professional Services.
Determine when and how to assess for contractor over-reliance as part of the management oversight strategy.
Implement corrective actions when the FDIC determines it is over-reliant on a contractor for a procured Critical Function.