Report: FDIC info-security systems ‘effective,’ but improvements recommended

An independent audit of the Federal Deposit Insurance Corp.’s (FDIC) information security program showed the program to be effective but warranting improvements, the agency’s Office of Inspector General (OIG) said in a report released Thursday.

The OIG said KPMG, the firm conducting the audit, focused on the fiscal 2024 metrics applied under the Federal Information Security Modernization Act (FISMA).

“While KPMG found that the FDIC established a number of information security program controls and practices that were consistent with FISMA requirements, the report describes security control weaknesses that reduced the effectiveness of the FDIC’s information security program and practices,” the report said.

The firm made three new recommendations, noted two outstanding ones from prior reports, and pointed to “other time-sensitive activities warranting the FDIC’s continued attention.” It said the FDIC concurred with the recommendations and plans to complete corrective actions by Sept. 30, 2025.

The FDIC’s Information Security Program – 2024