U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Critical Functions in FDIC Contracts

View Summary Announcement

Report Information

Publish Date
Report sub-type
Evaluation Report
Report Number
EVAL-21-002
Video
Critical Functions in FDIC Contracts

Unimplemented Recommendations

Revise the management oversight strategy for the procured Critical Functions performed under the BOAs for Managed Security Services Provider and Security and Privacy Professional Services to ensure that the strategy aligns with best practices.

Identify missing or insufficient controls in the BOAs and task orders for Managed Security Services Provider and Security and Privacy Professional Services, and implement appropriate corrective actions or compensating controls.

Implement periodic reviews for procured Critical Functions, including for the BOAs and task orders for Managed Security Services Provider and Security and Privacy Professional Services.

Determine when and how to assess for contractor over-reliance as part of the management oversight strategy.

Implement corrective actions when the FDIC determines it is over-reliant on a contractor for a procured Critical Function.