Federal Housing Finance Agency Office of Inspector General Kearney & Company, P.C.’s Results of the Federal Housing Finance Agency’s Cybersecurity Act Audit Audit Report AUD-2016-004 August 11, 2016 The Federal Housing Finance Agency (FHFA) Office of Inspector General (OIG) issued the subject report to FHFA management on August 11, 2016. Section 406(b) of the Cybersecurity Act of 2015 requires OIG to report to Congress the following information to be collected from FHFA on FHFA computer systems that provide access to personally identifiable information (PII): A description of the logical access policies and practices used by FHFA to access each covered system, including whether appropriate standards were followed; A description and list of the logical access controls and multi-factor authentication used by FHFA to govern access to covered systems by privileged users; A description of the information security management practices used by FHFA regarding covered systems, including: (1) the policies and procedures followed to conduct inventories of the software present on FHFA’s covered systems and the licenses associated with such software; (2) what capabilities FHFA utilizes to monitor and detect exfiltration and other threats, including data loss prevention capabilities, forensics and visibility capabilities, or digital rights management capabilities; and (3) a description of how FHFA is using the aforementioned capabilities; and A description of FHFA’s policies and procedures with respect to ensuring that entities, including contractors, that provide services to FHFA are implementing the information security management practices referenced above. On August 11, 2016, OIG issued this report to provide the information collected to FHFA management and Congress. OIG is assessing whether the information in the report could be used to circumvent FHFA’s internal controls; therefore, the report has not been released publicly. OIG expects to complete its assessment shortly.
Kearney & Company, P.C.'s Results of the Federal Housing Finance Agency's Cybersecurity Act Audit
Published by the Federal Housing Finance Agency, Office of Inspector General on 2016-08-11.
Below is a raw (and likely hideous) rendition of the original report. (PDF)