Skip to main content
Report File
Date Issued
Submitting OIG
National Credit Union Administration OIG
Other Participating OIGs
National Credit Union Administration OIG
Agencies Reviewed/Investigated
National Credit Union Administration
Report Number
OIG23-05
Report Description

This report summarizes the results of the CliftonLarsonAllen (CLA) audit and contains four recommendations that will assist the agency in strengthening cybersecurity controls related to its firewalls and the Security Information and Event Management (SIEM) tool. NCUA management concurred with and has taken or planned corrective actions to address the recommendations.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 4 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1.OIG-23-05Recommendation No $0 $0

Include in its quarterly review process, privileged accounts with access to cybersecurity devices such as firewalls and the SIEM tool.

2.OIG-23-05Recommendation No $0 $0

Complete the risk-based selection and procurement of additional audit logging tools needed to strengthen audit logging tools, retention, and visibility to fully implement the minimum logging requirements stipulated in OMB M-21-31.

3.OIG23-05Recommendation No $0 $0

Acquire the additional resources needed to fully implement the minimum logging requirements stipulated in OMB M-21-31.

4.OIG23-05Recommendation No $0 $0

Complete implementation of OMB M-21-31 to achieve past due Event Logging 1 and 2 maturity levels and to meet the Event Logging 3 maturity due by August 27, 2023.

National Credit Union Administration OIG

United States