Audit of NARA's Management Control over Microsoft Access Applications and Databases
Report Information
Recommendations
We recommend the Chief Information Officer, in conjunction with each program office, implement the security assessment process as described in NARA’s Enterprise Architecture to those applications/databases determined critical to carrying out NARA’s or...
We recommend the Chief Information Officer, in conjunction with each program office, develop and implement a comprehensive, systematic process to determine when a MS Access application or database should be recognized as an IT system.
We recommend the Chief Information Officer, in conjunction with each program office: Determine all MS Access databases containing PII and ensure they are: (a) encrypted in storage and transmission; and (b) password-protected in accordance with NARA...
Develop and implement a process, for future MS Access applications and databases created by program offices, including notification to and approval from the Office of Information Services for those that are mission-critical and/or contain PII or...