Governance, Risk and Compliance, Cloud Security

Audit finds shortcomings in FDIC’s cloud security

Share
neon cloud computing technology concept, illustration.

The Office of Inspector General of the Federal Deposit Insurance Corporation reported deficiencies in five key areas of the FDIC's cloud computing security controls, ExecutiveGov reports.

The areas with deficiencies were identity and access management, cloud secret protection, patch management, flaw remediation, and audit logging. The audit conducted with Sikich also identified six common security weaknesses, including inconsistent secure coding practices, improper configuration of security settings, and failure to follow the least privilege access principle. Additionally, the audit highlighted reliance on outdated software and inadequate monitoring, leaving vulnerabilities unaddressed, with cloud service providers partly responsible. Sikich recommended developing a plan to prevent, detect, and remediate these security gaps. The FDIC has agreed with all recommendations and aims to address these issues by December 30, 2026.

Audit finds shortcomings in FDIC’s cloud security

The areas with deficiencies were identity and access management, cloud secret protection, patch management, flaw remediation, and audit logging.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.