Footnote 1:  Independent Evaluation of the FDIC’s Information Security Program-2006 (FDIC-OIG Report No. 06 022), scheduled for issuance in September, 2006.

Footnote 2:  We performed a detailed analysis of the FDIC’s local area network/wide area network and mainframe general support systems. We also performed a limited analysis of a contractor system (Central Data Repository).

Footnote 3:  Response to Privacy Program Information Request in OMB’s Fiscal Year 2006 Reporting Instructions for FISMA and Agency Privacy Management (FDIC-OIG Report No. 06-018), dated September 22, 2006.

Footnote 4:  The OMB defines a significant deficiency as a weakness in an agency’s overall information systems security program or management control structure, or within one or more information systems that significantly restricts the capability of the agency to carry out its mission or compromises the security of its information, information systems, personnel, or other resources, operations, or assets. In this context, the risk is great enough that the agency head and outside agencies must be notified, and immediate or near-immediate corrective action must be taken. The OMB defines a material weakness as a deficiency that the agency head determines to be significant enough to be reported outside the agency (i.e., included in the annual management control report to the President and the Congress).

Footnote 5:  Independent Evaluation of the FDIC’s Information Security Program-2006 (Report No. 06-022), scheduled for issuance on September 28, 2006.