https://www.nextgov.com/cybersecurity/2018/10/fdic-still-isnt-protecting-its-sensitive-information-audit-finds/152465/
By Joseph Marks
Senior Correspondent
Nextgov
October 31, 2018
The agency responsible for insuring U.S. bank accounts still isn't meeting
federal information security requirements, according to the unclassified
summary of an inspector generals' report released Wednesday.
The Federal Deposit Insurance Corporation, or FDIC, failed to patch
software vulnerabilities within its own timeframe and failed to fix known
and longstanding weaknesses in its cybersecurity policies and procedures,
the inspectors found.
Those weaknesses "limited the effectiveness of the FDIC's information
security program and practices and placed the confidentiality, integrity,
and availability of the FDIC's information systems and data at risk,"
according to the report.
The inspectors gave FDIC an information security score of 3 points on a
5-point government scale. That means security controls are "consistently
implemented" but not truly effective. Some portions of FDIC's information
security program earned only 1 or 2 points.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
