NCUA IG Slams Agency's Information Security Management
The NCUA needs to make major improvements in its computer security, including better security configurations and disaster contingency planning, according to a report released by the agency's Office of Inspector General.
The report also said that, because of flaws in the monitoring of external service providers, "the potential for security incidents increases which could put the overall confidentiality, integrity and availability of sensitive data shared between NCUA and external systems at risk."
The report also said the agency needs to improve its remote access controls and do a better job of ensuring that former employees don't have access to the computer system.
In addition, the report said the agency "does not have policies and procedures for system owners for developing, maintaining and testing disaster recovery/contingent plans."
The report, which was designed to evaluate the agency's compliance with the Federal Information Security Management Act, was conducted by Richard S. Carson Associates, a Maryland-based management and information consulting firm, at the request of the agency's Office of Inspector General.
The agency accepted those criticisms and agreed to take appropriate steps to remedy the problems.