The Office of Inspector General of the Federal Deposit Insurance Corporation reported deficiencies in five key areas of the FDIC's cloud computing security controls, ExecutiveGov reports.
The areas with deficiencies were identity and access management, cloud secret protection, patch management, flaw remediation, and audit logging. The audit conducted with Sikich also identified six common security weaknesses, including inconsistent secure coding practices, improper configuration of security settings, and failure to follow the least privilege access principle. Additionally, the audit highlighted reliance on outdated software and inadequate monitoring, leaving vulnerabilities unaddressed, with cloud service providers partly responsible. Sikich recommended developing a plan to prevent, detect, and remediate these security gaps. The FDIC has agreed with all recommendations and aims to address these issues by December 30, 2026.
