http://gcn.com/articles/2010/05/03/fhfa-security-050310.aspx By William Jackson GCN.com May 03, 2010 The Federal Housing Finance Agency, a fledgling organization created in 2008 to oversee federal mortgage activities, has not fully implemented an information security program, resulting in weaknesses in its information technology security, according to the Government Accountability Office. "FHFA has made important progress in developing and documenting its policies and procedures for the agency's information security program," GAO concluded in its report. "However, policies, procedures, plans, and technical standards related to information security did not always reflect the current agency operating environment; and FHFA did not always effectively monitor its systems." GAO found that FHFA did not always maintain authorization records for network and system access, and did not enforce least-privilege policies for system and application users. It also did not have adequate physical security and environmental safety controls for facilities housing IT resources. "Until the agency strengthens its logical access and physical access controls and fully implements an information security program that includes policies and procedures reflecting the current agency environment, increased risk exists that sensitive information and resources will not be sufficiently protected from inadvertent or deliberate misuse, improper disclosure, or destruction," GAO concluded. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/Received on Mon May 03 2010 - 22:44:39 PDT
This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:52:59 PDT