FHFA’s Disaster Recovery Exercise for Its General Support System Needs Improvement

Date Issued

Wednesday, September 25, 2024

Submitting OIG

Federal Housing Finance Agency OIG

Other Participating OIGs

Federal Housing Finance Agency OIG

Agencies Reviewed/Investigated

Federal Housing Finance Agency

Report Number

AUD-2024-010

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
AUD-2024-010-2	No	$0	$0
FHFA should update the disaster recovery procedures document to ensure it includes (a) up to date time periods for the recovery time objective and the recovery point objective for resumption of the general support system operations consistent with the business impact analysis, (b) database procedures, and (c) steps to validate successful failover and failback of the remote access infrastructure system.
AUD-2024-010-3	No	$0	$0
FHFA should ensure the After Action Report is consistent with the Recovery Exercise Test Results by documenting all actions taken during the failover and failback of the disaster recovery exercise including all correct dates for when testing was conducted.
AUD-2024-010-4	No	$0	$0
FHFA should perform annual testing of the contingency plan in accordance with the recovery procedures document to ensure failover and failback are conducted as planned.
AUD-2024-010-5	No	$0	$0
FHFA should ensure Office of Technology and Information Management officials communicate planned disaster recovery exercises and any scheduled changes with all parties involved, including auditors and other independent observers.
AUD-2024-010-6	No	$0	$0
FHFA should encrypt all backup data-at-rest at FHFA’s alternate site and update the existing plans of action and milestones to include compensating controls until the plans of action and milestones has been closed.