Review of the FDIC’s Ransomware Readiness

Evaluate and implement solutions to protect backup data, as described in the report, and update the Storage Systems Backup Data Protection Standard Operating Procedures, as appropriate.

Evaluate and consider enhanced solutions to store backup data, as described in the report, and update the Storage Systems Backup Data Protection Standard Operating Procedures, as appropriate.

Review and update policies and procedures for identifying, assessing, and tracking new Federal IT requirements to ensure timely control implementation, as appropriate.

Conduct an analysis to identify viable alternatives for testing restoration of Active Directory from backups, or have senior management formally accept the risk of not testing these backups.

Develop a process to ensure the Continuity Implementation Plan is regularly updated in a timely manner to ensure it is current, complete, and accurate.

Develop and implement a process to periodically review and update key personnel enrolled in WPS, including those in the CIOO Executive Management Emergency Command Team, and perform quarterly testing as part of its Emergency Communications Program.

Develop and implement a process to ensure employees and contractors in a Continuity Implementation Plan role are assigned and complete initial Disaster Recovery Awareness Training in the FDIC Learning Experience system.

Develop and implement a process to ensure employees and contractors in a Continuity Implementation Plan role are assigned and complete annual Disaster Recovery Awareness Training in the FDIC Learning Experience system.