By William Jackson
May 03, 2010
The Federal Housing Finance Agency, a fledgling organization created in
2008 to oversee federal mortgage activities, has not fully implemented
an information security program, resulting in weaknesses in its
information technology security, according to the Government
"FHFA has made important progress in developing and documenting its
policies and procedures for the agency's information security program,"
GAO concluded in its report. "However, policies, procedures, plans, and
technical standards related to information security did not always
reflect the current agency operating environment; and FHFA did not
always effectively monitor its systems."
GAO found that FHFA did not always maintain authorization records for
network and system access, and did not enforce least-privilege policies
for system and application users. It also did not have adequate physical
security and environmental safety controls for facilities housing IT
"Until the agency strengthens its logical access and physical access
controls and fully implements an information security program that
includes policies and procedures reflecting the current agency
environment, increased risk exists that sensitive information and
resources will not be sufficiently protected from inadvertent or
deliberate misuse, improper disclosure, or destruction," GAO concluded.
Best Selling Security Books and More!
Shop InfoSec News