No. 2001-02

DATE: May 17, 2001

SUBJ: Information Systems - Network Security Guidelines

TO: The Corporate Credit Union Addressed:

The attachment, “Information Systems – Network Security Guidelines,” is to provide guidance to corporate credit unions for managing the risks involved in their Information Systems (IS) environments. These are general guidelines, and their issuance is intended to provide the basic criteria utilized by OCCU to assess IS environments. The criteria, however, are not absolute and will be used within the context of each corporate’s technology. A critical factor considered during OCCU’s evaluation is whether corporate management has developed and is implementing, at a reasonable pace, an IS security program that is commensurate with the degree of risk in its technological environment.

Our commitment is to work with corporates in the development of a technology base that can deliver cost effective member services in a secure environment. A continuing dialogue on security issues before, during, and following onsite contacts will help assure that goal. Please contact your district examiner, this office, or your State Supervisory Authority on any security matters you would like to discuss.

Sincerely,

Robert F. Schafer
Director
Office of Corporate Credit Unions

OCCU/SLF:sf:gc

Attachment

cc: State Supervisory Authorities
NASCUS
NAFCU
ACCU
Office of Examination and Insurance

bcc: Reading File
Regional Directors
All OCCU Staff
Office of General Counsel

draft: S:\WorkIn Process\Office Staff\Detailee\IS Security Guidance Letter.doc

final: S:\Directives\OCCUGuidanceLetter\2001-02-IS Security.doc

Attachment in PDF format--IS GuidanceLetterAttachment.PDF