Committee to Establish the
National Institute of Finance
Providing the data and analytic tools needed to safeguard the U.S. financial system
FAQs - Data needs of the NIF
How will data integrity be managed within the NIF application environment?

The NIF's Federal Financial Data Center will be governed in compliance with the Federal Information Security Management Act (FISMA) of 2002. This act defines standards, guidelines and information security requirements for all federal agencies. Included under the regulations and practices are activities designed to ensure the integrity and authenticity of the data. In addition to FISMA, the data will also be subject to the appropriate securities and financial sector regulations.

Would financial institutions outside of the NIF have access to the data?

Financial entities and other institutions (beyond regulatory agencies specifically identified in legislation) would only have access to aggregated data that is deemed public under rules and guidelines established by the NIF.

How would access to the data be controlled?

Access to the data contained within the Federal Financial Data Center would be controlled by formal policies and procedures, enforced by access control rules that determine the type of data accessible by various functions and users. These access control policies would be implemented in compliance with current federal standards and best practices.

Automated and manual access controls would be a primary focus of the security design and implementation. The development stage would identify the expected users and all possible access privileges to support the processing requirements. Identification controls would be developed to ensure that only authorized users could access the system. Role-based access controls would inventory privileges and entitlements, and would package these into various role groups that would then be assigned carefully to internal and external users based on their responsibilities. 

What measures will be used to minimize the risk of access by hackers?

The NIF's Federal Financial Data Center (FFDC) will include preventive hardware and software controls that will minimize the risk of intrusion and damage by hackers (e.g., software and hardware firewalls, role-based access controls, intrusion detection systems). The FFDC will operate under best practices, and periodic risk assessments and continuous penetration testing will routinely assess the NIF's processing environment to determine whether control upgrades are needed. Incident response controls would identify possible intrusions and quickly initiate automated and manual procedures to prevent or minimize exposure of data and resources.

How would security be designed and managed to ensure: (1) the adequacy of the initial security and (2) the maintenance of security at a high level through the life of the NIF program?

The design, assessment, mitigation and risk control processes of the security systems would comply with both the Federal Information Security Management Act (FISMA) and the guidelines provided by the National Institute of Standards and Technology. These standards and guidelines are designed to ensure the creation and maintenance of secure systems for the most sensitive U.S. government data. The system would not be implemented without the successful completion of a comprehensive security test and evaluation (ST&E) that determines the adequacy of the designed controls. The system's security would be assessed annually through FISMA-required self-assessment, and every three years through the more rigorous ST&E process.
