U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Security Controls Over the FDIC’s Wireless Networks

View Summary Announcement

Report Information

Publish Date
Report sub-type
Review
Report Number
REV-23-001
Video
Security Controls Over the FDIC’s Wireless Networks

Unimplemented Recommendations

Ensure that wireless security weaknesses are consistently documented in POA&Ms and updated accordingly.

Develop and implement a policy to review, approve, and centrally manage the configuration settings of current and future Wi-Fi enabled devices in FDIC facilities, before set-up and subsequent updates.
 

Conduct a review of FDIC wireless devices and identify those that should not be broadcasting inside and leaking outside the buildings and take appropriate mitigation measures.

Develop and implement a process to regularly examine FDIC wireless devices and their broadcast areas in order to determine appropriate mitigation measures.

Develop and provide training to appropriate personnel on the use of vendor hardening guidelines in conducting controls testing.

Develop and implement a process to regularly reconcile vulnerability scanning results to the inventory list of wireless infrastructure devices, so as to ensure that all devices are included in the FDIC’s vulnerability scans.

Resolve incompatibilities between the third-party vendor’s scanning tool and FDIC wireless infrastructure components, or conduct an analysis to identify viable alternatives for FDIC wireless infrastructure components and the associated level of effort and costs to enhance the vulnerability scanning process.

Develop, update, and implement wireless policies, procedures, and standards that reflect the FDIC’s current business practices and key aspects of wireless data communications, roles and responsibilities, and acceptable use agreements.

Text Alternative

Text alternative available upon request.