OIG finds FDIC info security program at a level not considered effective, but says improvements underway

October 28, 2019 FDIC 0

The overall score earned by the information security program of the federal bank deposit insurer shows the agency’s program remains less than effective, according to the metrics used for the evaluation detailed Monday by the agency’s Office of Inspector General (OIG).

The OIG issued a report Monday on its evaluation of the Federal Deposit Insurance Corp. (FDIC) information security program under parameters set by the 2014 Federal Information Security Modernization Act of 2014 (FISMA). The audit utilized the Department of Homeland Security’s reporting metrics, the “IG FISMA Reporting Metrics” and a maturity model that aligns with the five function areas in the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity: Identify, Protect, Detect, Respond, and Recover.

Under that maturity model, IGs must assign maturity level ratings to each of the above-noted five function areas, as well as an overall rating, using a scale of 1-5. The five maturity level ratings are (1) Ad Hoc, (2) Defined, (3) Consistently Implemented, (4) Managed and Measurable, and (5) Optimized.

The FDIC program’s overall score was Maturity Level 3; programs operating below a Maturity Level 4 “are not considered to be effective,” the report says.

The report notes that the FDIC established a number of information security program controls and practices that were consistent with FISMA requirements, OMB policy and guidelines, and NIST security standards and guidelines. The FDIC also took or was working to take steps to strengthen its information security program controls following the FISMA audit conducted in 2018.

“However, the FISMA report describes security control weaknesses that limited the effectiveness of the FDIC’s information security program and practices and placed the confidentiality, integrity, and availability of the FDIC’s information systems and data at risk,” the report states.

The FISMA requires federal agencies to conduct annual independent evaluations of their information security programs and practices and to report the results to the Office of Management and Budget (OMB). FISMA requires the independent evaluations to be performed by the agency IG or an independent external auditor as determined by the IG.

OIG report: The FDIC’s Information Security Program – 2019

Five new members of community banking advisory panel named; will join May 2 meeting

April 26, 2024 0

Five new members of the community banking advisory committee to the federal bank deposit insurance agency were named Friday by the organization, which also said the group will attend their first meeting May 2. The Federal Deposit Insurance Corporation (FDIC) [...]
Competing proposals to change rules on Bank Control Act withdrawn after neither can win majority of FDIC Board votes

April 25, 2024 0

Neither of two competing proposals for changes to the federal bank deposit insurer’s rules implementing the Bank Control Act (BCA) were adopted Thursday by the agency’s board after sponsors of the two proposals withdrew them, largely after it became apparent [...]
FDIC: Deposit Insurance Fund on track to reach statutory minimum before deadline

April 25, 2024 0

The federal bank deposit insurer’s Deposit Insurance Fund (DIF) reserve ratio grew from 1.11% June 2023 to 1.15% in December and remains on track to return to its statutory minimum of 1.35% before its statutory deadline of Sept. 30, 2028, [...]
CFPB’s consumer panel to meet May 15

April 25, 2024 0

A public meeting of the Consumer Advisory Board (CAB) of the federal consumer financial protection agency is slated for May 15 from 10:30 a.m. to 1 p.m. Eastern. CAB is charged with advising and consulting with the Consumer Financial Protection [...]

Related