Security system rating
Inspector General Acknowledges Strong IT Controls at FDIC But Calls for Improvements
The Federal Deposit and Insurance Corporation‘s inspector general said the organization must address gaps in its security and information technology systems to ensure that sensitive financial information is secured.
According to an IG report, FDIC has a ranking of maturity level 4 under the Federal Information Security Modernization Act maturity model, an indication that its systems are relatively effective in identifying, protecting, detecting, responding to and recovering sensitive data within its networks, Nextgov reported.
FDIC received the rating due to its strong security controls, updated privacy requirements, enhanced investigation procedures and improved oversight authorities.
While the audit results were satisfactory, the watchdog still urged the agency to ensure that weaknesses within its systems are addressed.
The report noted that there are certain aspects of FDIC’s systems that scored maturity level 1 and represented significant weaknesses in IT security. Some of the aspects that need improvement are supply chain risk management program maturity, administrative account management and overdue and unaddressed risk plans of action.
The IG offered six recommendations for the agency’s consideration. The suggestions include the implementation of government-based privacy controls for all systems and a broader strengthening of information security programs, especially for supply chain risk management.
FDIC Chief Privacy Officer and Chief Information Officer Sylvia Burns and Chief Information Security Officer Zachary Brown said in a letter that the agency’s leadership concurred with the recommendations. The leaders also stated that FDIC will continue efforts to improve its information security posture.
Category: Federal Civilian