- FOSS refers to software that users are allowed to run, study, modify and redistribute without paying a licensing fee. Well-known examples are the Linux operating system, Apache Web server and MySQL database.
- The use of FOSS is increasing in the mainstream information technology and financial services communities.
- The federal regulatory agencies believe that using FOSS does not impose risks to institutions that are fundamentally different from risks presented by proprietary or self-developed software. However, acquiring and using FOSS necessitates that institutions implement unique risk-management practices.
- This guidance supplements the FFIEC IT Examination Handbook's Development and Acquisition Booklet by addressing strategic, operational and legal risk considerations in acquiring and using FOSS.
FDIC-Supervised Banks (Commercial and Savings)
Chief Executive Officer
Chief Technology Officer
Chief Information Officer
FFIEC IT Examination Handbook, Development and Acquisition Booklet
FFIEC Guidance: "Risk Management of Free and Open Source Software"
Jeffrey M. Kopchik, Senior Policy Analyst, firstname.lastname@example.org or 202-898-3872.
FIL-114-2004
For your reference, FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2004/index.html.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.
Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).