Phase II Network Operations Vulnerability Assessment

November 25, 2002
Audit Report No. 03-007

Summary

PricewaterhouseCoopers Consulting (PwC), an independent professional services firm, was engaged by the Office of Inspector General (OIG) to perform a vulnerability assessment of the Federal Deposit Insurance Corporation's (FDIC) network operations. The work accomplished through this contract helped the OIG satisfy its Federal Information Security Management Act-related reporting requirements.

The scope of Phase II testing was specifically designed to focus on network perimeter and internal network controls. PwC found that the FDIC had invested significant resources in defending its network perimeter, and testing confirmed that these controls were operating effectively. PwC also determined that several improvements were needed in physical access security and the protection of sensitive data.

Recommendations

PwC made recommendations to the Director, Division of Administration (DOA), and the Acting Director, Division of Information and Resources Management (DIRM) to improve physical access security and the protection of sensitive data.

Management Response

DOA's and DIRM's responses to the recommendations were considered adequate.

This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.

Last Updated 11/05/2003