The FDIC's Information Security Program - 2024

Date Issued

Wednesday, September 25, 2024

Submitting OIG

Federal Deposit Insurance Corporation OIG

Other Participating OIGs

Federal Deposit Insurance Corporation OIG

Agencies Reviewed/Investigated

Federal Deposit Insurance Corporation

Report Number

EVAL-24-07

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Update and implement the POA&M Management and Acceptance of Risk Process document to clearly define requirements of when vulnerabilities must be documented within a POA&M, and what the remediation timeline for POA&Ms must be.
2	No	$0	$0
Enforce existing policies and procedures to consistently perform reviews and analyze system audit records, and document and maintain those reviews and analysis for privileged users and actions taken on [redacted] devices in accordance with FDIC policy.