Cyber hygiene
Inspector General Audit Finds FDIC’s Cybersecurity Hygiene Insufficient
The Federal Deposit Insurance Corporation’s inspector general said in a report that the agency does not implement good cybersecurity practices for its systems and its users.
According to the IG’s report, the FDIC had multiple issues, including account configuration, access management, privileged account management, Windows system maintenance, active directory policies and procedures, and audit logging and monitoring. The FDIC also had a problem with password management, something that the Department of the Interior’s inspector general also found at that agency.
The FDIC oversight body also noted that multiple accounts were not removed for inactivity and that users held privileged access for nearly a year even though they did not need one, FedScoop reported Thursday.
For Windows-related issues, the IG shared that several servers and a workstation still used unsupported operating system versions and the Windows active directory operations manual that the FDIC was using contained inaccurate information about active directory implementation.
The FDIC also failed to enable performance monitoring on two domain controllers that support its active directory, the IG said.
Category: Cybersecurity