The FHFA Chief Information Officer should identify and implement a solution, in coordination with vendors, for meeting BOD 18-01 requirements to ensure all publicly accessible endpoints provide service through a secure connection (HTTPS-only, with HSTS). If there are no viable solutions, document any risk-based decisions, including compensating controls, for publicly accessible websites that are not in compliance with DHS BOD 18-01.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Closed
Source UUID
1b83616e-57ee-4f16-b3dc-8ff0e2eaa04e-AUD-2022-010-1
Recommendation Number
AUD-2022-010-1
Significant Recommendation
No