FDIC Information Technology Strategic Plan: 2017 - 2020: Goal 1

Goal 1
Information Security & Privacy

Information security and privacy are ingrained in FDIC culture, ensuring that IT solutions are secure by design and that cyber risks are well understood, managed, and minimized in accordance with business needs.

DESCRIPTION

The FDIC receives and works with sensitive information, including nonpublic supervisory information and Personally Identifiable Information (PII), that must be kept secure and private despite a landscape of constantly evolving threats. Information security contributes to achieving the other four goals by providing assurance that information can be shared and used appropriately by authorized persons.

OBJECTIVE 1.1

Use multi-factor authentication (MFA) to provide higher levels of assurance when accessing FDIC systems

The FDIC will require multi-factor authentication to access end-user devices and its computer systems as one approach to achieving comprehensive information security and privacy. The FDIC will provide Personal Identity Verification (PIV) cards and passwords to authorized users as the primary means of authenticating access to FDIC systems. Authorized external users will use other methods for MFA.

OBJECTIVE 1.2

Address emerging regulatory requirements, technology advancements, and the risks associated with new and evolving threats

In addition to adopting MFA, the FDIC will adhere to internal and external requirements such as the Federal Information Security Modernization Act (FISMA), the Privacy Act, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. All new and existing contracts, where applicable, will also require that service providers comply with these requirements. The FDIC will monitor requirements as they evolve and develop proactive responses. Technologies such as Data Loss Prevention (DLP) will improve the FDIC’s ability to detect and respond to emerging threats. For new capabilities, security and privacy risks will be evaluated at a project’s inception. Evaluating security and privacy risks will be a key factor in decisions to move applications to the cloud.

OBJECTIVE 1.3

Safeguard information wherever it resides, providing security and privacy protections commensurate with its sensitivity

The FDIC will assign safeguarding requirements to information according to its sensitivity and risk. Data owners will approve the requirements for its storage and use. The FDIC will explore technologies that can improve its ability to protect sensitive data from unauthorized sharing as that data travels outside the FDIC’s security perimeter. The FDIC will assess and update security and privacy solutions as business needs change.

OBJECTIVE 1.4

Ensure that authorized users understand, accept, and follow security and privacy responsibilities

All FDIC employees, contractors, outsourced service providers, financial institutions, and other federal agencies will complete security awareness training commensurate with their responsibilities. Through partnership with Human Resources, the FDIC will carry out activities that improve personal accountability for security and privacy. Regular communications will raise security and privacy awareness and reinforce individuals’ safeguarding responsibilities.

OUTCOME

Data and information systems are secure; confidentiality, integrity, and availability are maintained by people, processes, and technology
