[ISN] Federal mortgage watchdog agency struggles with its information security

From: InfoSec News <alerts_at_private>
Date: Tue, 4 May 2010 00:44:39 -0500 (CDT)

By William Jackson
May 03, 2010

The Federal Housing Finance Agency, a fledgling organization created in 
2008 to oversee federal mortgage activities, has not fully implemented 
an information security program, resulting in weaknesses in its 
information technology security, according to the Government 
Accountability Office.

"FHFA has made important progress in developing and documenting its 
policies and procedures for the agency's information security program," 
GAO concluded in its report. "However, policies, procedures, plans, and 
technical standards related to information security did not always 
reflect the current agency operating environment; and FHFA did not 
always effectively monitor its systems."

GAO found that FHFA did not always maintain authorization records for 
network and system access, and did not enforce least-privilege policies 
for system and application users. It also did not have adequate physical 
security and environmental safety controls for facilities housing IT 

"Until the agency strengthens its logical access and physical access 
controls and fully implements an information security program that 
includes policies and procedures reflecting the current agency 
environment, increased risk exists that sensitive information and 
resources will not be sufficiently protected from inadvertent or 
deliberate misuse, improper disclosure, or destruction," GAO concluded.


Best Selling Security Books and More!
Shop InfoSec News
Received on Mon May 03 2010 - 22:44:39 PDT

This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:52:59 PDT