Audit of Security Controls for a Cloud Platform and Application

Date Issued

Thursday, September 25, 2025

Submitting OIG

Federal Deposit Insurance Corporation OIG

Agencies Reviewed/Investigated

Federal Deposit Insurance Corporation

Report Number

AUD-25-02

Report Type

Audit

Agency Wide

Yes

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 9 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend the Director, Division of Information Technology [redacted].
2	No	$0	$0
We recommend the Director, Division of Information Technology, limit user access by following the least privilege access principle where appropriate to documents on the cloud service provider [redacted].
3	No	$0	$0
We recommend the Director, Division of Information Technology, in coordination with the Director, Division of Depositor and Consumer Protection,[redacted].
3	No	$0	$0
We recommend the Director, Division of Information Technology, in coordination with the Director, Division of Depositor and Consumer Protection,[redacted].
4	No	$0	$0
We recommend the Director, Division of Information Technology, identify and review the continued need for other [redacted] that provide similar capabilities to launch [redacted].
5	No	$0	$0
We recommend the Director, Division of Information Technology coordinate with the vendor to mitigate the impact of [redacted].
6	No	$0	$0
We recommend the Director, Division of Information Technology, coordinate with the vendor to fix the [redacted].
7	No	$0	$0
We recommend the Director, Division of Information Technology, coordinate with the vendor to re-examine the need to [redacted].
8	No	$0	$0
We recommend the Director, Division of Information Technology, coordinate with the vendor to [redacted].