GAO Identifies Weakness in FDIC InfoSec

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/gao-identifies-weakness-in-fdic-infosec-a-7085

By Eric Chabrow
Bank Info Security
July 22, 2014

Two separate audits by the Government Accountability Office show 
information security weaknesses at the Federal Deposit Insurance Corp. and 
significant deficiencies in information system controls at the Treasury 
Department unit that manages the federal debt.

The FDIC, the government-owned corporation that insures bank deposits, 
failed to fully implement controls to authenticate its system users' 
identities, restrict access to sensitive systems and data, encrypt 
sensitive data, complete background re-investigations for employees and 
audit and monitor system access, according to the report issued late last 
week.

GAO says the shortcomings do not constitute a material weakness or 
significant deficiency for financial reporting purposes. "Nevertheless," 
auditors say, "unless FDIC takes further steps to mitigate these 
weaknesses, the corporation's sensitive financial information and 
resources will remain exposed to unnecessary risk of inadvertent or 
deliberate misuse, improper modification, unauthorized disclosure or 
destruction."

The report says an underlying reason for many of these weaknesses is that 
FDIC failed to fully or consistently implement aspects of its information 
security program. Specifically, the GAO says, FDIC did not fully document 
and implement information security controls, ensure that employees and 
contractors received security awareness training, conduct continuing 
assessments of security controls for all systems and remediate agency 
identified weaknesses in a timely manner.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/