FDIC Cloud Management Audit Bares Weaknesses, Non-Compliance With Best Practices

A new audit of the Federal Deposit Insurance Corp.’s cloud environments showed that the agency failed to conduct a full inventory of its data assets. The audit by the FDIC’s Office of Inspector General also indicated that the agency lacks a fully developed data catalog, an organized cloud data assets inventory necessary for cybersecurity defense. 

The OIG also determined FDIC’s non-compliance with several cloud computing practices under existing agency guidance and as recommended by the Office of Management and Budget and the National Institute of Standards and Technology, FedScoop reported.

The audit also found that all 17 cloud contract services at the agency have no contract management action plans and legacy systems lack disposal strategies or decommission plans.

An FDIC OIG spokesperson identified several risks that the agency is facing because of faulty cloud management. These risks include security and privacy concerns with the lack of visibility into cloud data. The agency’s lack of disposal strategies for legacy systems also increases the possibility of cyber attacks, the spokesperson added.

The OIG has recommended nine measures to strengthen FDIC’s cloud computing strategies. The agency agreed to the recommendations and plans to complete the corrective steps by September.