The NCUA needs to make major improvements in its computer security, including better security configurations and disaster contingency planning, according to a report released by the agency's Office of Inspector General.
The report also said that flaws in the monitoring of external service providers result in there being "the potential for security incidents increases which could put the overall confidentiality, integrity and availability of sensitive data shared between the NCUA and external systems at risk."
The study concluded that the agency needs to improve its remote-access controls and do a better job of being sure that former employees don't have access to the computer system.
Recommended For You
In addition the agency "does not have policies and procedures for system owners for developing, maintaining and testing disaster recovery/contingent plans," according to the report.
The report, which was designed to evaluate the agency's compliance with the Federal Information Security Management Act, was conducted by Richard S. Carson Associates, a Maryland-based management and information consulting firm, at the request of the agency's inspector general.
The agency concurred with those criticisms and agreed to take steps to remedy the problems.
The budget approved by the NCUA board on Nov. 18 includes an increase of $1.6 million in technology initiatives, $1.2 million to upgrade existing computers and software. The $225 million budget for 2011 also includes $14.1 million to fund the Office of the Chief Information Officer, which is the second largest office at the agency's headquarters. The largest is the Office of the Chief Financial Officer, which has a $20.1 million budget.
The report praised the agency for remedying some of the problems that were identified in earlier reports, such as updating the privacy policy for the agency's Web site and completing security control assessments for five of the six systems used to implement FISMA.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
