NCUA Security Slammed
The NCUA needs to make major improvements in its computer security, including better security configurations and disaster contingency planning, according to a report released by the agency's Office of Inspector General.
The report also said that flaws in the monitoring of external service providers result in there being "the potential for security incidents increases which could put the overall confidentiality, integrity and availability of sensitive data shared between the NCUA and external systems at risk."
The study concluded that the agency needs to improve its remote-access controls and do a better job of being sure that former employees don't have access to the computer system.
In addition the agency "does not have policies and procedures for system owners for developing, maintaining and testing disaster recovery/contingent plans," according to the report.
The report, which was designed to evaluate the agency's compliance with the Federal Information Security Management Act, was conducted by Richard S. Carson Associates, a Maryland-based management and information consulting firm, at the request of the agency's inspector general.
The agency concurred with those criticisms and agreed to take steps to remedy the problems.
The budget approved by the NCUA board on Nov. 18 includes an increase of $1.6 million in technology initiatives, $1.2 million to upgrade existing computers and software. The $225 million budget for 2011 also includes $14.1 million to fund the Office of the Chief Information Officer, which is the second largest office at the agency's headquarters. The largest is the Office of the Chief Financial Officer, which has a $20.1 million budget.