The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General issued a report on the FDIC’s efforts to implement the requirements of the Department of Homeland Security’s (DHS) Emergency Directive to Mitigate Domain Name System (DNS) Infrastructure Tampering (January 22, 2019). According to the Directive, DNS infrastructure tampering presents a “significant and imminent” risk to Federal information and information systems.
DNS infrastructure tampering occurs when an attacker intercepts or redirects an organization’s web or email traffic to a separate information technology (IT) infrastructure that the attacker controls. This allows the attacker to inspect and manipulate the traffic, thereby exposing the organization’s sensitive information and allowing the attacker to disrupt critical IT operations or perpetrate other malicious activity.
DHS Emergency Directive 19-01 required Federal Departments and Agencies (Agencies), including the FDIC, to take four specific actions within 10 business days of the issuance of the Directive to mitigate the risk of DNS infrastructure tampering. These actions consisted of auditing DNS records; changing DNS account passwords; implementing multi-factor authentication; and monitoring logs of digital certificates issued for the Agency’s websites. The Directive also required Agencies to provide DHS with status and completion reports covering the four actions.
We determined that the FDIC took responsive actions to address the requirements of DHS Emergency Directive 19-01. In addition, the FDIC provided DHS with timely status and completion reports.
We made no recommendations in this report.