Information Security: Federal Deposit Insurance Corporation Needs to Improve Its Program

GAO-06-620 Published: Aug 31, 2006. Publicly Released: Aug 31, 2006.

Highlights

The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. The corporation relies extensively on computerized systems to support and carry out its financial and mission-related operations. As part of the audit of the calendar year 2005 financial statements, GAO assessed (1) the progress FDIC has made in correcting or mitigating information security weaknesses previously reported and (2) the effectiveness of the corporation's information system controls to protect the confidentiality, integrity, and availability of its key financial information and information systems.

Recommendations

Recommendations for Executive Action

Agency Affected: Federal Deposit Insurance Corporation
Recommendation: To help fully implement the corporation's information security program, the FDIC Chairman should consistently implement the corporation's documented policies and procedures related to information security.
Status: Closed – Implemented
FDIC has consistently implemented various policies and procedures related to information security.

Agency Affected: Federal Deposit Insurance Corporation
Recommendation: To help fully implement the corporation's information security program, the FDIC Chairman should include security plans or requirements for nonmajor applications into the plans for general support systems.
Status: Closed – Implemented
FDIC has incorporated non-major systems in a security plan.

Agency Affected: Federal Deposit Insurance Corporation
Recommendation: To help fully implement the corporation's information security program, the FDIC Chairman should provide specialized training to individuals with significant security responsibilities.
Status: Closed – Implemented
FDIC has provided specialized training to all employees with significant security responsibility. FDIC tracks employee training and those that miss training are required to view the training DVD in its entirety and certify that they have completely reviewed the training material.

Agency Affected: Federal Deposit Insurance Corporation
Recommendation: To help fully implement the corporation's information security program, the FDIC Chairman should report weaknesses as closed in remedial action plans only when corrective actions have been completed.
Status: Closed – Implemented
FDIC has implemented or accurately reported the status of its remedial actions.

Agency Affected: Federal Deposit Insurance Corporation
Recommendation: To help fully implement the corporation's information security program, the FDIC Chairman should update continuity of operations plans and test them for the New Financial Environment.
Status: Closed – Implemented
FDIC has updated the continuity of operations plan. FDIC has tested selected functions of NFE.

Topics

Access control, Financial statement audits, Information security, Information systems, Internal controls, Physical security, System vulnerabilities, Systems evaluation, Systems management, Deposit insurance