The Federal Deposit Insurance Corporation's Office of Inspector General has found deficiencies in five key areas of the FDIC's cloud computing security controls, ExecutiveGov reported.
Areas of deficiencies were identity and access management, cloud secrets protection, patch management, bug fixes, and audit logging. The audit with Sikich also identified six common security vulnerabilities, including inconsistent secure coding practices, improper configuration of security settings, and failure to follow the principle of least privilege access. Additionally, the audit highlighted reliance on outdated software and inadequate monitoring, leaving vulnerabilities unaddressed, with cloud providers partially responsible. Sikich recommended developing a plan to prevent, detect, and fix these vulnerabilities. The FDIC agreed with all recommendations and aims to address these issues by December 30, 2026.
