Performance Assessment: Governance, Risk, and Compliance
D486
Dorian Stanfield
2/3/2025
, Gaps Overview
In a security audit and assessment conducted by Pruhart Security, an evaluation on the
effectiveness of the implemented enterprises’ controls and the extent to which they were
sufficient to ensure compliance with regulatory requirements has been sanctioned. This
includes the collection and storage of sensitive information.
The initial assessment report implied that the enterprise must augment and expand its
internal control implementation and existing network. As well as improving its current
governance practices. This requires the revision of several existing security controls and
procedures and by the implementation of the following recommendations:
Policies: A requirement for the creation and authorization of privacy and plans that are
parallel with the enterprise’s standards.
Asset management: A necessitation for the modifications to asset management
procedures as well as updates to inventory/asset records
Risk management: Requires the establishment of risk management frameworks to
consistently review and assess security controls of the information systems and network.
Access Controls: A key constraint to the implemented access controls and authentication
procedures to improve the enterprise System Security posture.
Labeled Risks
The Phoenix system was also assessed as part of the evaluation to authenticate the
tolerability of security controls. As well as the configuration of its controls against the
governing requirements outlined in the Federal Information Security Management Act
(FISMA) and payment security standards standard. The assessment detected the five
substantial control areas that demand immediate attention for remediation.
Control Identifier & Assessment Report
AC-6: Least Privilege
Least privilege principles must be employed for discretionary access measures based on
need of access per role.
Rating: High
A vacuum of clearly defined role-based access controls increases the risk of illicit access
and data breaches. FMC is devoted to addressing this control gap to align with NIST 800-
53 guidelines. These guidelines mandate granting users only the permissions required to
D486
Dorian Stanfield
2/3/2025
, Gaps Overview
In a security audit and assessment conducted by Pruhart Security, an evaluation on the
effectiveness of the implemented enterprises’ controls and the extent to which they were
sufficient to ensure compliance with regulatory requirements has been sanctioned. This
includes the collection and storage of sensitive information.
The initial assessment report implied that the enterprise must augment and expand its
internal control implementation and existing network. As well as improving its current
governance practices. This requires the revision of several existing security controls and
procedures and by the implementation of the following recommendations:
Policies: A requirement for the creation and authorization of privacy and plans that are
parallel with the enterprise’s standards.
Asset management: A necessitation for the modifications to asset management
procedures as well as updates to inventory/asset records
Risk management: Requires the establishment of risk management frameworks to
consistently review and assess security controls of the information systems and network.
Access Controls: A key constraint to the implemented access controls and authentication
procedures to improve the enterprise System Security posture.
Labeled Risks
The Phoenix system was also assessed as part of the evaluation to authenticate the
tolerability of security controls. As well as the configuration of its controls against the
governing requirements outlined in the Federal Information Security Management Act
(FISMA) and payment security standards standard. The assessment detected the five
substantial control areas that demand immediate attention for remediation.
Control Identifier & Assessment Report
AC-6: Least Privilege
Least privilege principles must be employed for discretionary access measures based on
need of access per role.
Rating: High
A vacuum of clearly defined role-based access controls increases the risk of illicit access
and data breaches. FMC is devoted to addressing this control gap to align with NIST 800-
53 guidelines. These guidelines mandate granting users only the permissions required to
