Summary

International Business Machines (IBM), an independent professional services firm, was engaged by the Office of Inspector General (OIG) to perform a vulnerability assessment of the Federal Deposit Insurance Corporation's (FDIC) network operations. The work accomplished through this contract helped the OIG satisfy its Federal Information Security Management Act-related reporting requirements.

The objectives of the review were to (1) evaluate the controls, policies, and procedures for the FDIC's Dial In Access and (2) analyze and test the FDIC's connectivity through the Internet Virtual Private Network (VPN) client. The scope of the review was specifically designed to focus on vulnerable areas with respect to security and those areas requiring further attention.

IBM concluded that the FDIC had implemented a number of good security practices regarding remote connectivity. IBM also identified several opportunities to further strengthen remote access controls to the FDIC network.

Recommendations

IBM made recommendations to the Division of Information and Resources Management (DIRM) to improve authentication controls for remote access.

Management Response

DIRM's proposed actions adequately addressed the intent of the recommendations.

This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.