The NCUA needs to make major improvements in its computer security, including better security configurations, and disaster contingency planning, according to a report released by the agency's Office of Inspector General.
The report also said that flaws in the monitoring of external service providers result in "the potential for security incidents increases which could put the overall confidentiality, integrity and availability of sensitive data shared between NCUA and external systems at risk."
The report also said the agency needs to improve its remote access controls and do a better job of being sure that former employees don't have access to the computer system.
Recommended For You
In addition, the report said the agency "does not have policies and procedures for system owners for developing, maintaining and testing disaster recovery/contingent plans."
The report, which was designed to evaluate the agency's compliance with the Federal Information Security Management Act, was conducted by Richard S. Carson Associates, a Maryland-based management and information consulting firm, at the request of the agency's Office of Inspector General.
The agency agreed with those criticisms and agreed to take appropriate steps to remedy the problems.
The report praised the agency for remedying some of the problems that were identified in earlier reports, such as updating the privacy policy for the agency's website and completing security control assessments for five of the six systems used to implement FISMA.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more inforrmation visit Asset & Logo Licensing.
