ALEXANDRIA, Va.–NCUA’s Office of Inspector General (OIG) said it has identified four weaknesses in the agency’s compliance with information security laws, as well as 12 prior recommendations it said remain open after having been previously identified.
In the report on NCUA’s compliance with the Federal Information Security Modernization Act (FISMA) and agency information security and privacy practices, policies, and procedures, the audit, compiled by the firm CliftonLarsonAllen, covered NCUA headquarters for a period earlier this year.
According to the report, the firm found “four new weaknesses under the configuration management and identity and access management domains of the FY 2023 IG FISMA Reporting Metrics.”
4 Weaknesses
CliftonLarsonAllen said the four new weaknesses it found include:
- The agency was not consistent implementing an automated process to disable inactive network user accounts in accordance with agency policy
- NCUA needs to strengthen its vulnerability management program
- The agency needs to require multifactor authentication to the NCUA network for all non-privileged users
- NCUA needs to ensure rules of behavior are consistently completed timely for new contractors.
Just Because It’s Autumn Doesn’t Mean Falling for Schemes to Overcharge You for CU Industry News. Instead, Try This Crisp Offer
The biggest, best and freshest news reporting in credit unions remains free! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news”” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?