The IT Law Wiki

Reportable condition

32,085pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

A reportable condition

exists when a security or management control weakness does not rise to level of a significant deficiency, yet is still important enough to be reported to internal management. A security weakness not deemed to be a significant deficiency by agency management, yet affecting the efficiency and effectiveness of agency operations, may be considered a reportable condition. However, due to lower risk, corrective action may be scheduled over a longer period of time. A reportable condition under FISMA is not reported as a material weakness under FMFIA.[1]

References Edit

  1. OMB Memorandum M-04-25, at 8.

Also on Fandom

Random Wiki