Highlights: 

• FOSS refers to software that users are allowed to run, study, modify and redistribute without paying a licensing fee. Well-known examples are the Linux operating system, Apache Web server and mySQL database.
• The use of FOSS is increasing in the mainstream information technology and financial services communities.
• The federal regulatory agencies believe that using FOSS does not impose risks to institutions that are fundamentally different from risks presented by proprietary or self-developed software. However, acquiring and using FOSS necessitates that institutions implement unique risk-management practices.
• This guidance supplements the FFIEC IT Examination Handbook's Development and Acquisition Booklet by addressing strategic, operational and legal risk considerations in acquiring and using FOSS.

Distribution: 
FDIC-Supervised Banks (Commercial and Savings) 

Suggested Routing: 
Chief Executive Officer 
Chief Technology Officer 
Chief Information Officer 

Note: 
For your reference, FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2004/index.html . 

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html . 

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).