Oversight

FDIC still weak on IT security, GAO says

Shutterstock image (by Pavel Ignatov): Alert icon.

The Federal Deposit Insurance Corp.'s IT security controls are insufficient to the point of placing "the confidentiality, integrity, and availability of financial systems and information at risk," the Government Accountability Office said in a new report.

FDIC, whose charge is maintaining public confidence in financial institutions, lacked an effective process for verifying user access to FDIC systems, the report said. The agency also failed to apply "critical" patches to third-party software vulnerabilities on financial-processing systems, the watchdog found.

GAO noted some progress in the agency's security regime. FDIC had, for example, improved controls for authenticating users and authorizing their access.

Nonetheless, some aspects of the agency's IT security program were not fully implemented, according to GAO. For example, the agency still lacked "a policy for monitoring critical file changes" to a server, the report said, recommending that the FDIC CIO implement such a policy.

Additionally, the report found that sensitive data including user identifications and passwords "continue to be transmitted over the network in clear text," because encryption hasn't been implemented for all FDIC mainframe connections.

FDIC "will have limited assurance that its sensitive financial information and resources will be secure" until longstanding and newfound vulnerabilities are addressed, the watchdog concluded.

The GAO report comes amid a congressional investigation of several breaches, which involved the inadvertent downloading of data by ex-FDIC employees, that the agency has retroactively deemed "major" incidents.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected