Federal Housing Finance Agency OIG: FHFA failed to follow its cloud-based computing requirements

“The Federal Housing Finance Agency (FHFA or Agency), established by the Housing and Economic Recovery Act of 2008, is responsible for the supervision, regulation, and housing mission oversight of Fannie Mae and Freddie Mac (together, the Enterprises), and the Federal Home Loan Bank System (FHLBanks) (collectively, the regulated entities), and the FHLBanks’ fiscal agent, the Office of Finance. Since 2008, FHFA has served as conservator of the Enterprises.”

“FHFA uses cloud services provided by contractors to process, store, or transmit certain FHFA mission-related and non-mission related information. FHFA also uses a number of cloud security tools provided by contractors to assist in the oversight and management of its General Support System (GSS). FHFA’s acquisition procedures directs that an information technology (IT) security clause is included in contracts for externally hosted information systems operated by a contractor on behalf of FHFA. In April 2018, FHFA established a methodology to prioritize resources on information systems, including those in the cloud, that present the greatest risk to the Agency. Among other things, for cloud-based GSS tools, the methodology requires the validation of the implementation of minimum security requirements and the inclusion of IT security provisions in cloud service contracts.

“We conducted this audit to determine whether FHFA followed its policies for cloud-based IT services. Our review period was April 2018 through April 2020.”

“We found that FHFA failed to follow its methodology by not validating the implementation of the minimum security requirements for its cloud-based GSS tools. We also found that FHFA did not include the required IT security provisions in some cloud service contracts.”

“Based on our findings in this audit, we make three recommendations in this report. In a written management response, FHFA agreed with our recommendations…”

Access the full 19-page report here.

Source: FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts – September 17, 2020. Federal Housing Finance Agency OIG.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 year, 4 months ago.

  • Author
  • #107973

    Replies viewable by members only

  • #108075
    • Anonymous

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2022 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?