Skip Header
U.S. flag

An official website of the United States government

Financial Institution Letters

FIL-16-2014
April 11, 2014

Technology Alert: OpenSSL "Heartbleed" Vulnerability

Printable Format:

FIL-16-2014 - PDF (PDF Help)

Summary:

The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached alert advising financial institutions of a material security vulnerability in OpenSSL, a popular cryptographic library used to authenticate Internet services and encrypt sensitive information.

Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.

Highlights:

Suggested Distribution:

Suggested Routing:

Attachment:

Related Topics:

Contact:

Note:

FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2014/.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

1 Patch management, software maintenance, and security update practices are covered by a number of FFIEC IT Examination Handbooks including Development and Acquisition, Information Security, and Operations.