ALEXANDRIA, Va. – In a recent guidance letter to corporate credit unions, NCUA said corporate credit unions have been diligent in their IT security measures, but this is one area where corporates can't get lax. ".the Office of Corporate Credit Unions IT examiners have focused on ensuring the adequacy of basic control elements such as firewalls, intrusion detection, penetration tests and sound network architectures. I am pleased to note that corporates have been diligent in this regard and that many sound control practices have been implemented," wrote Office of Corporate Credit Unions Director Kent Bukham. He went on to say that while basic IT security control elements are strong, the changing dynamics of corporate CU IT risk profiles' require they focus attention on the following critical security areas: Information Security Risk Assessment, Security Application Code Reviews, Service Provider Oversight & Contracts, Security Awareness of Employees, Change Management for Applications and Infrastructure, and Security for Remote Applications. The remainder of the letter detailed guidance in these areas that corporates can follow.