An inspector general has identified weaknesses in two security controls meant to block and detect cyber threats on the Federal Deposit Insurance Corporation's network.
The audit came on the heels of a string of data breaches at FDIC in late 2015 and 2016, and the IG chose to focus on those two controls rather than on the agency's security program as a whole.
The redacted report, issued May 28, identified weaknesses in two areas: network firewalls and the Security Information and Event Management (SIEM) tool.
More specifically, the IG found that many firewall rules lacked a documented justification and that the firewalls did not adhere to FDIC's minimally acceptable system configuration requirements. FDIC also did not always require administrators to uniquely identify and authenticate themselves when accessing the network firewalls, which undermines individual accountability for changes.
FDIC also had no written process to manage the identification, development, implementation, maintenance and retirement of the automated queries the SIEM tool runs. When such a query, known as a Use Case, detects suspicious activity, the SIEM tool alerts FDIC's Computer Security Incident Response Team for further investigation.
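As an added illustration of the checks the firewall findings call for (this is example code written here, not anything from the IG report or from FDIC), the script below audits a constructed ruleset for missing justification, owner and review date, flags an any/any/any allow as a baseline violation, and flags shared or generic administrator accounts that defeat unique identification. The rule fields, the policy thresholds and the sample data are all assumptions.

```python
"""Audit a firewall ruleset and its admin accounts for documentation
and baseline gaps. Example code; the rule schema, the baseline check
and the sample data are assumptions, not an agency's actual policy."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Rule:
    rule_id: str
    src: str            # CIDR or "any"
    dst: str            # CIDR, host or "any"
    port: str           # service port or "any"
    action: str         # "allow" or "deny"
    justification: str = ""        # change ticket / business reason
    owner: str = ""                # team accountable for the rule
    review_by: Optional[date] = None   # date by which the rule must be re-certified


def audit_rules(rules: List[Rule], today: date) -> Dict[str, List[str]]:
    """Return {rule_id: [issues]} for every rule that fails a check."""
    findings: Dict[str, List[str]] = {}
    for r in rules:
        issues = []
        if not r.justification.strip():
            issues.append("no documented justification")
        if not r.owner:
            issues.append("no owner")
        if r.review_by is None:
            issues.append("no review date")
        elif r.review_by < today:
            issues.append("review date expired")
        # Assumed baseline requirement: no unrestricted allow rules.
        if r.action == "allow" and (r.src, r.dst, r.port) == ("any", "any", "any"):
            issues.append("any/any/any allow violates baseline")
        if issues:
            findings[r.rule_id] = issues
    return findings


# Account names that are generic by construction and cannot be tied to a person.
GENERIC_ACCOUNTS = {"admin", "administrator", "root", "fwadmin"}


def audit_admin_accounts(accounts: List[dict]) -> List[str]:
    """Flag admin accounts that are generic or known to more than one person."""
    flagged = []
    for acct in accounts:
        if acct["username"].lower() in GENERIC_ACCOUNTS or len(acct["people"]) != 1:
            flagged.append(acct["username"])
    return flagged


# Constructed sample data for the demonstration.
SAMPLE_RULES = [
    Rule("FW-001", "10.1.0.0/16", "10.2.5.10", "443", "allow",
         justification="CR-2041: app tier to web API", owner="netops",
         review_by=date(2025, 6, 30)),
    Rule("FW-002", "any", "any", "any", "allow"),   # undocumented, violates baseline
    Rule("FW-003", "10.3.0.0/24", "10.2.5.20", "22", "allow",
         justification="temporary vendor access", owner="netops",
         review_by=date(2019, 1, 15)),               # re-certification overdue
]
SAMPLE_ADMIN_ACCOUNTS = [
    {"username": "jdoe", "people": ["J. Doe"]},
    {"username": "fwadmin", "people": ["J. Doe", "A. Smith", "B. Lee"]},  # shared
]
AUDIT_DATE = date(2019, 5, 28)

if __name__ == "__main__":
    for rule_id, issues in audit_rules(SAMPLE_RULES, AUDIT_DATE).items():
        print(rule_id, "->", "; ".join(issues))
    print("shared/generic admin accounts:", audit_admin_accounts(SAMPLE_ADMIN_ACCOUNTS))
```

In practice the rule list would be exported from the firewall management console and the account list from the firewall's local user database or the directory it authenticates against; the value of the check is that a rule with no justification, owner or review date cannot be recertified or retired, which is exactly the lifecycle gap the report describes.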
The IG made 10 recommendations to bolster FDIC's network firewalls and SIEM tool. Among them were documenting the justification for each firewall rule, establishing and implementing a firewall policy, and setting up a process to manage Use Cases for the SIEM tool.