Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Financial Institution Letters

April 11, 2014

Technology Alert: OpenSSL "Heartbleed" Vulnerability

Printable Format:

FIL-16-2014 - PDF (PDF Help)


The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached alert advising financial institutions of a material security vulnerability in OpenSSL, a popular cryptographic library used to authenticate Internet services and encrypt sensitive information.

Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.


Suggested Distribution:

Suggested Routing:


Related Topics:



FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at

To receive FILs electronically, please visit

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

1 Patch management, software maintenance, and security update practices are covered by a number of FFIEC IT Examination Handbooks including Development and Acquisition, Information Security, and Operations.