FDIC Still Isn’t Protecting Its Sensitive Information, Audit Finds

[InfoSec News <alerts () infosecnews org>]

https://www.nextgov.com/cybersecurity/2018/10/fdic-still-isnt-protecting-its-sensitive-information-audit-finds/152465/

By Joseph Marks
Senior Correspondent
Nextgov
October 31, 2018

The agency responsible for insuring U.S. bank accounts still isn't meeting 
federal information security requirements, according to the unclassified 
summary of an inspector generals' report released Wednesday.

The Federal Deposit Insurance Corporation, or FDIC, failed to patch 
software vulnerabilities within its own timeframe and failed to fix known 
and longstanding weaknesses in its cybersecurity policies and procedures, 
the inspectors found.

Those weaknesses "limited the effectiveness of the FDIC's information 
security program and practices and placed the confidentiality, integrity, 
and availability of the FDIC's information systems and data at risk," 
according to the report.

The inspectors gave FDIC an information security score of 3 points on a 
5-point government scale. That means security controls are "consistently 
implemented" but not truly effective. Some portions of FDIC's information 
security program earned only 1 or 2 points.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_