Evaluation of FDIC's Unix Systems Security

(Report No. 04-008, February 13, 2004)

Summary

This report presents the results of an evaluation by IBM Business Consulting Services (IBM), an independent professional services firm engaged by the Office of Inspector General (OIG) to support its efforts to satisfy reporting requirements related to the Federal Information Security Management Act of 2002.

The scope of the evaluation was specifically designed to focus on Unix security policies, standards, and procedures; configuration management; and technical controls.

IBM found a number of good security practices being applied in the Unix system environment, but identified improvements that could be made. Most significantly, IBM recommended that administration of the Unix servers be centralized to improve the consistency and uniformity of security controls and practices applied to the servers.

Recommendations

IBM made multiple recommendations to improve Unix security at the FDIC.

Management Response

The FDIC's response adequately addressed all the conditions discussed in the report.

This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.