GAO: FDIC needs better information security

Information Security: The Federal Deposit Insurance Corporation Needs to Improve Its Program

Related Links

The Government Accountability Office has released a new report that criticizes the Federal Deposit Insurance Corp.'s (FDIC) efforts to implement information security controls.

The FDIC has made progress since an audit released in March found 24 weaknesses. So far the agency has corrected 18 of them, the new report states. The audit found that after the FDIC changed its financial systems in 2005, it “did not ensure that adequate controls were in place to accommodate its new systems environment.”

In the new report, GAO states that despite the progress, information security controls are still missing to protect the “confidentiality, integrity and availability of its financial and sensitive information and information systems.” Consequently, the agency has identified an additional 20 weaknesses in the FDIC's financial system.

GAO blames this on the FDIC's information security program, which the report says is not fully implemented. GAO says the FDIC has not consistently enforced its security-related policies, addressed security plans for specific applications, provided training to individuals with major security responsibilities, implemented plans to solve known weaknesses, or updated or tested continuity plans after changing the financial system in 2005.

GAO states that without changes, sensitive financial information is at “increased risk of unauthorized access, modification and/or disclosure, possibly without detection,” the report states.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.