Testing involved using an FHFA-issued laptop and standard user account, with which auditors were able to access such information and run unapproved programs. Image: Kristi Blokhin/Shutterstock.com
By: FEDweek StaffAn inspector general audit has found that the Federal Housing Financing Agency’s network security controls “were not effective to protect its network and systems against internal threats.”
“Our penetration testing demonstrated that the Agency’s network has serious vulnerabilities that increase the likelihood that hacking attempts will succeed,” a report said, noting that the systems contain financial data from other federal agencies such as Fannie Mae and Freddie Mac as well as personally identifiable information on its own employees.
“If unauthorized access to FHFA’s network is successful, attackers may have ample opportunities to compromise the confidentiality, integrity, and availability of FHFA’s sensitive information. For example, attackers can extract, delete, or modify sensitive data, including PII; discover usernames and passwords; and launch denial-of-service attacks,” it said.
The testing involved using an FHFA-issued laptop and standard user account, with which auditors were able to access such information and run unapproved programs enabling them to gather information on FHFA computers and their users and information on when users last change their passwords. The agency had used two standard default passwords to set up new user accounts and some users had not changed them, allowing the auditors to access sensitive data using them.
Further, with a privileged user account, auditors were able to “to view, edit, or save files on the local drives of any user’s laptop or desktop, including those of FHFA executives at the highest levels. With privileged access, we also found unencrypted credentials to FHFA’s cloud environment on the local drive of a cloud administrator’s computer.” With that access, they were able to “transfer large amounts of sensitive user information” which the agency did not detect.
The report said management agreed with recommendations to tighten controls over user access and its cloud environment.
OPM Advises Agencies on Conducting RIFs During Shutdown
Updated Shutdown Contingency Plans Show Range of Impacts
Use Shutdown as Justification for More RIFs, OMB Tells Agencies
Unions Win a Round in Court Disputes over Anti-Representation Orders
Deferred Resignation Periods End for Many; Overall 12% Drop
Senate Bill Would Override Trump Orders against Unions
See also,
How to Handle Taxes Owed on TSP Roth Conversions? Use a Ladder
The Best Ages for Federal Employees to Retire
Best States to Retire for Federal Retirees: 2025
