ALEXANDRIA, Va.—An audit of NCUA’s cyber information sharing reveals the agency needs to mature its governance processes.
That is one of the key findings from NCUA’s Office of Inspector General, which conducted an audit (report dated June 9) to assess how effectively the agency has shared cyber threat information.
The OIG said its objectives were to determine whether the NCUA effectively used shared cyber threat information for the supervision of credit unions and implemented effective processes to share cyber threat information to support credit union and financial system resiliency.
The scope of the audit covered cyber threat information sharing from March 1, 2022, through Dec. 31, 2024.
“Our audit determined the NCUA needed to mature its governance processes for cyber threat information sharing to support supervision of credit unions more effectively during a cybersecurity event or incident that may increase risk to the Share Insurance Fund and financial services sector stability,” NCUA’s OIG stated.
Additionally, NCUA did not effectively acquire, analyze, and use cyber threat information for internal analysis and external response, NCUA’s OIG said.
“Finally, NCUA continues to need statutory examination and oversight authority over third-party vendors to be able to effectively assess and monitor third-party cybersecurity exposures,” the OIG added.
The OIG made eight recommendations in the report to address the issues it identified.
Click here for the full report.