Security weaknesses in US Treasury Department’s information system could allow attackers to gain unauthorized access to FRB systems

• Audits conducted by GAO resulted in revelation of deficiencies in Fiscal Service’s information system controls.
• These new and continuing deficiencies will increase the risk of unauthorized access to FRB systems.

What is the issue - U.S. Government Accountability Office (GAO) published a management report on March 26, 2019, which stated that security weaknesses found in the US Treasury Department’s system could pose an increased risk of unauthorized access to Federal Reserve Bank (FRB) systems.

The big picture

GAO conducted audits for the fiscal years ended September 30, 2018, and 2017 to review the information system controls over key financial systems managed by the FRB that are relevant to the Schedule of Federal Debt.

• The audits resulted in identifying a new deficiency in Fiscal Service’s information system control affecting the configuration management.
• GAO also detected two continuing deficiencies in the information system controls that were identified in the previous fiscal year’s audit.
• The continuing deficiencies were not remediated as of September 30, 2017.
• These new and continuing deficiencies will increase the risk of unauthorized access to FRB systems.

“Until these new and continuing control deficiencies are fully addressed, there will be an increased risk of unauthorized access to, modification of, or disclosure of sensitive data and programs,” the report read.

Worth noting - GAO has recommended the Federal Reserve Bank to address the new deficiency that impacts the configuration management.

GAO has also decided to follow up to determine the status of corrective measures taken to address the reported deficiencies and the recommendations.

“The agency takes control deficiencies seriously and that FRB management is currently in the process of addressing the new and continuing information system general control deficiencies GAO identified during its fiscal year 2018 audit,” the Board of Governors of the Federal Reserve System said.