The IT Law Wiki

Significant deficiency

Definitions

Information system

A significant deficiency is

  * a control deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.[1]
  * a weakness in an agency's overall information systems security program or management control structure, or within one or more information systems, that significantly restricts the capability of the agency to carry out its mission or compromises the security of its information, information systems, personnel, or other resources, operations, or assets. In this context, the risk is great enough that the agency head and outside agencies must be notified and immediate or near-immediate corrective action must be taken. A significant deficiency under FISMA is to be reported as a material weakness under the Federal Managers Financial Integrity Act (FMFIA).[2]

References

  1. Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data, at 1 n.3.
  2. OMB Memorandum M-04-25, at 8.
