![]() ![]() Follow appropriate patch management practices 1 and test to ensure a secure configuration.Identify and upgrade vulnerable internal systems and services.Monitor the status of their vendors' efforts.Ensure that third-party vendors that use OpenSSL on their systems are aware of the vulnerability and take appropriate risk mitigation steps.Financial institutions should monitor the status of their third-party service providers and vendors' efforts to implement patches on software that uses OpenSSL and to take the following steps, as appropriate:.The FDIC expects financial institutions to upgrade vulnerable systems as soon as possible, following appropriate patch management practices.A significant vulnerability has been found in OpenSSL that could allow an attacker to decrypt, spoof, or perform attacks on network communications that would otherwise be protected by encryption.Financial institutions may use OpenSSL in common network services such as Web servers, email servers, virtual private networks, instant messaging, and other applications. OpenSSL is an open-source implementation of the Secure Sockets Layer and Transport Layer Security protocols.Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. ![]() ![]() The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached alert advising financial institutions of a material security vulnerability in OpenSSL, a popular cryptographic library used to authenticate Internet services and encrypt sensitive information. Technology Alert: OpenSSL "Heartbleed" Vulnerability Printable Format: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |