The Legislative Audit Bureau makes 13 recommendations to State of Wisconsin Agencies.

We recommend the Wisconsin Department of Administration:

1. complete collection of information to develop the dashboard and analyze executive branch agency adherence to the State of Wisconsin IT Security Policy Handbook and related standards by December 30, 2021; (p. 24)
2. respond to the analyses by working with executive branch agencies that are not adhering to the State of Wisconsin IT Security Policy Handbook and related standards to bring them into compliance by September 30, 2022; (p. 24)
3. review and update the monitoring program, including establishing specific ongoing monitoring processes that DOA will perform to be assured that executive branch agencies continue to adhere to the State of Wisconsin IT Security Policy Handbook and related standards by December 30, 2022; (p. 24)
4. work with the executive branch agencies by January 31, 2022, to develop the timeline for purchase, implementation, and configuration of the vulnerability management tool; (p. 24)
5. establish detailed plans by June 30, 2022, for how DOA will perform ongoing vulnerability assessments with the new vulnerability management tool, respond to those assessments, and make changes to further strengthen the State’s IT environment; and (p. 24)
6. review and continue to update its risk management program including considering the risks related to approved policy exceptions and remediating known vulnerabilities. (p. 24)
7. In addition, we recommend the Wisconsin Department of Administration report to the Joint Legislative Audit Committee by April 1, 2022, on the status of its efforts to implement these recommendations. (p. 24)

We recommend University of Wisconsin System Administration complete implementation of the systemwide policy monitoring program by:

8. collecting and analyzing UW institution compliance reports; and (p. 27)
9. continuing to work with UW institutions to achieve compliance in a timely manner when noncompliance is identified. (p. 27)

We recommend the Wisconsin Department of Workforce Development:

10. seek written assurance from the U.S. Department of Labor that the predictive analytics model is meeting federal requirements for DWD to review the facts and circumstances when making decisions that affect whether or not an individual is eligible to receive benefits; and (p. 30)
11. implement and document adequate procedures to monitor the ongoing accuracy of the predictive analytics model in assessing whether a hold could be appropriately removed. (p. 30)

We recommend the Wisconsin Department of Workforce Development:

12. complete full implementation of its corrective action plan by March 2022; and (p. 34)
13. address the specific concerns included in the confidential communication by June 2022. (p. 34)