Audit of NARA's Legacy Systems
Report Information
Recommendations
We recommend the CIO develop a definition of a legacy system.
We recommend the CIO in coordination with the program offices document when the system was put into production and the life expectancy of each system.
We recommend the CIO create a centralized process to track legacy systems.
We recommend the CIO in coordination with System Owners Ensure all seven systems are adequately tracked, monitored, and the proper security controls are in place until they are subsumed within the ERA 2.0 project or other systems as planned.
We recommend the CIO develop and implement an operational analysis policy as required by OMB 10-27.
We recommend the CIO coordinate with each Program Office to conduct and document an operational analysis for IT investments currently in production in accordance with the policy in recommendation 8.
We recommend the CIO Ensure risk assessments and risk assessment reports are completed and/or reviewed annually and updated accordingly for all NARA systems .