rowid,report_id,rec_number,significant,text,questioned_costs,funds_for_better_use
13,2023-audit-boards-information-security-program,1,No,"Prioritize the definition and incorporation of a cybersecurity risk tolerance into the agency's cybersecurity policies, procedures, and processes, as appropriate.",0,0
14,2023-audit-boards-information-security-program,3,No,"Document and implement a process to consistently inventory the Board's web applications, including its public-facing websites.",0,0
15,2023-audit-boards-information-security-program,4,No,"Document and implement a process to consistently inventory and prioritize the Board's third-party systems, including the identification of subcontractors.",0,0
16,2023-audit-boards-information-security-program,5,No,Enforce the agency's iOS Update and Device Inactivity Policy to ensure that agency services are denied to mobile devices that are out of compliance.,0,0