HOT TOPICS >> Cloud computing | Cybersecurity | Gov 2.0 | Fiscal 2012 | Mobile | Transparency | GAO reports
AGENCY NEWS >> Defense | NASA | Homeland Security | NIST | OMB | Veterans Affairs | NARA | GSA
Latest News
Media Partner
Free Newsletter
FierceGovernmentIT tracks the latest technological developments in the U.S. government. Join more than 17,000 federal/state decision makers and IT executives who get FierceGovernmentIT via email. Sign up today!
About | View Sample | Privacy
Whitepapers
- Efficiency On Demand
- Migrating enterprise digital communication to the Cloud
- Inside the Federal Cloud: Master the Challenges, Seizing the Opportunities
- The Top 4 Reasons Your Telecom Expense Management Provider Shouldn't Manage Your Wireless
- Cloud Computing: Threat or opportunity for VARs and MSPs? Special focus on cloud collaboration and messaging
- IMPROVING THE MANAGEMENT OF FEDERAL GOVERNMENT IT ASSETS THROUGH BETTER COMMUNICATION WITH THE IT INDUSTRY
GAO: FHFA must improve IT security
Accessibility controls and information security management are deficient at the Federal Housing Finance Agency, according to a new Government Accountability report. FHFA depends on computerized systems to supervise and regulate Fannie Mae, Freddie Mac and the 12 federal home loan banks.
GAO identified the lack of security at part of an audit of information security controls over its financial information. While the deficiencies are "not considered material weaknesses or significant deficiencies for financial reporting purposes," they do present vulnerabilities.
Regarding logical access controls, FHFA failed to:
- Maintain network access authorizations for every agency network user--for example, the agency could not provide authorization data for 20 of 30 users reviewed;
- regulate access to confidential information based on users' business needs to access specific information; and,
- sufficiently restrict system rights to only those needed by users to perform their assigned duties.
Regarding physical security flaws, FHFA did not effectively:
- Secure areas with IT equipment;
- complete physical security and environmental control policies;
- perform physical security risk assessments;
- authorize and control physical access to resources and information;
- detect potential security incidents;
- implement a visitor control program;
- enforce physical security safeguards;
- secure locations that support computer operations;or
- implement fire protection controls.
FHFA is developing an access control procedure to revalidate user access levels for network and system access, which it aims to finalize by June 2010. It is also working to improve physical deficiencies with IT security. One reason for FHFA's IT shortcomings, the report states, is that FHFA still has not yet fully implemented its agencywide information security program. GAO recommended that FHFA's acting director, Edward DeMarco implement the following 16 recommendations outlined in the "executive action" portion of the report.
For more:
- see the GAO report (.pdf)
Related Articles:
GAO: Bureau of Public Debt must address information security
IRS cybersecurity weak
GAO: DoD loses track of 72,000 combat records
GAO: Cybersecurity flaws at Los Alamos lab
GAO: SEC information security has gaping holes
SHARE WITH:
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site Map
| EditorsTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
 |
