By William Jackson
GCN.com
May 03, 2010
The Federal Housing Finance Agency, a fledgling organization created in
2008 to oversee federal mortgage activities, has not fully implemented an information security program, resulting in weaknesses in its information technology security, according to the Government Accountability Office.
"FHFA has made important progress in developing and documenting its policies and procedures for the agency's information security program,"
GAO concluded in its report. "However, policies, procedures, plans, and technical standards related to information security did not always reflect the current agency operating environment; and FHFA did not always effectively monitor its systems."
GAO found that FHFA did not always maintain authorization records for network and system access, and did not enforce least-privilege policies for system and application users. It also did not have adequate physical security and environmental safety controls for facilities housing IT resources.
"Until the agency strengthens its logical access and physical access controls and fully implements an information security program that includes policies and procedures reflecting the current agency environment, increased risk exists that sensitive information and resources will not be sufficiently protected from inadvertent or deliberate misuse, improper disclosure, or destruction," GAO concluded.
[...]