Skip to main content

1. Control Weaknesses over Rules of Behavior Process (NCUA IT-20-01) We noted weaknesses over the Rules of Behavior process. Specifically, we noted that NCUA management did not ensure that two (2) users out of a sample of fifteen (15) new users, signed the NCUA’s Rules of Behavior (RoB) acknowledgement, indicating they had read, understood and agreed to abide by the RoB prior to the agency authorizing the users to access the NCUA network. NCUA management did not develop and implement a process to enforce and ensure that the NCUA Information System Security Manual isfollowed for the onboarding process and that the user’s RoB acknowledgement was appropriately completed before granting the users access to their systems.

Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
ec5fb539-5aff-41e6-a724-f227c13a4978-OIG-21-02030405
Report
NCUA 2020 Financial Statement Audits (SIF, OF, CLF, CDRLF)
Recommendation Number
OIG-21-02030405
Additional Details Link
https://www.oversight.gov/sites/default/files/oig-reports/NCUA/ncua-oig-financi…
Significant Recommendation
No
Migration Source
http://oversight-d7.lndo.site/node/195710
http://oversight-d7.lndo.site/node/195710/edit
https://www.oversight.gov/node/195710
https://www.oversight.gov/node/195710/edit