
Housing Agency Didn’t Complete Cyber Orders From DHS, Report Says

The agency said that some of its websites failed to comply with binding operational directives from the Department of Homeland Security.

The Federal Housing Finance Agency, a small, independent agency tasked with oversight of federal mortgage providers Fannie Mae and Freddie Mac, fell short on enacting binding operational directives from the Department of Homeland Security covering cybersecurity issues, according to an audit by the agency’s inspector general released Aug. 31.

The agency lacks a documented process or procedure to implement directives from DHS, which federal agencies are required to comply with – something the report says could cause the agency to respond in an “ad-hoc, reactive manner.”

FHFA’s chief information security officer told auditors that they assign these directives to appropriate analysts to process when the agency receives them. 

The report notes the potential impact of the lack of a documented process, saying that “in the absence of the CISO… staff may not have defined responsibilities for handling the BODs, and the required actions may not be completed timely in response to DHS BODs.”

Of the three directives the inspector general’s office looked into, the agency complied with one fully. But the watchdog found problems with the requirement to publish a vulnerability disclosure policy, as well as the agency’s implementation of 2017 web and email security standards called BOD-18-01. Although FHFA complied with email requirements, it didn’t meet all web security requirements for publicly accessible websites, the report says.

“FHFA did not configure all of its publicly accessible websites and web services with a secured connection,” the report says. This was “because these websites and web services were managed by a third-party vendor and were not under FHFA’s control.”

That oversight on at least five of 43 websites could put user information at risk of interception, tracking and more, and puts FHFA systems at risk for so-called man-in-the-middle attacks, the report says.

FHFA said in comments included in the report that it’s working on fixing weaknesses found in the report. 

Source: https://www.nextgov.com/cybersecurity/2022/09/housing-agency-didnt-complete-cyber-orders-dhs-report-says/376738/
