Home

Letter;

Document Sample
Letter;
Shared by: 837dc4f1ea930e97
Categories
Tags
Stats
views:
17
posted:
6/11/2009
language:
English
pages:
1
NCUA LETTER TO CREDIT UNIONS

NATIONAL CREDIT UNION ADMINISTRATION

1775 Duke Street, Alexandria, VA 22314



DATE: September 2003 LETTER NO.: 03-CU-14



TO: Federally Insured Credit Unions



SUBJ: Computer Software Patch Management



ENCL: Guidance on Developing an Information System Patch

Management Program to Address Software Vulnerabilities



Dear Manager and Board of Directors:



The National Credit Union Administration (NCUA) is providing credit unions with the enclosed guidance,

recently issued by the Federal Deposit Insurance Corporation (FDIC), in an effort to assist credit unions

in the development of an effective computer software patch management program encompassing

appropriate policies, procedures, and practices in order to mitigate risks associated with commercial

software vulnerabilities.



During the past year, many companies and some credit unions have experienced security breaches

that could have been prevented through the timely identification and patching of software vulnerabilities.

This guidance provides information about the importance of maintaining an effective computer software

patch management program and information technology (IT) infrastructure. In addition, the guidance

provides credit unions with background information on the risks associated with software vulnerabilities

and how they can be mitigated through an effective patch management program.



Many credit unions rely on commercially developed software to support business processes and an IT

infrastructure. Common types of software include operating systems, core processing systems,

business applications (e.g., word processing, spreadsheet, and database programs), and system

services (e.g., anti-virus programs, firewalls, etc.). Commercially developed software may contain

flaws that create security and performance vulnerabilities. These vulnerabilities may cause system

unavailability or corrupt critical system components or data. Although software vendors often develop

updates, or "patches," to correct identified weaknesses, it is the software user's responsibility to update

systems or install patches in a timely manner.



If you have any questions or concerns, please contact your NCUA regional office or State Supervisory

Authority.



Sincerely,



/S/



Dennis Dollar

Chairman



Enclosure


Share This Document

Embed
Email
Related docs
The Letter A
Views: 197  |  Downloads: 2
Letter
Views: 177  |  Downloads: 4
Letter
Views: 195  |  Downloads: 1
Letter
Views: 56  |  Downloads: 2
This is the letter
Views: 23  |  Downloads: 0
LETTER
Views: 79  |  Downloads: 0
LETTER
Views: 38  |  Downloads: 0
LETTER
Views: 16  |  Downloads: 0
LETTER
Views: 13  |  Downloads: 0
The Letter
Views: 90  |  Downloads: 0
letter
Views: 9  |  Downloads: 0
The Letter
Views: 23  |  Downloads: 0
letter_
Views: 3  |  Downloads: 0
Letter
Views: 3  |  Downloads: 0
letter
Views: 2  |  Downloads: 0
Letter
Views: 32  |  Downloads: 2
Other docs by 837dc4f1ea930e...
Guidelines for Submission of an Application for a PCA
Views: 8  |  Downloads: 0
NicolaGraham-Perkins
Views: 2  |  Downloads: 0
Nathan Marcum
Views: 15  |  Downloads: 0
Schedule of Outstanding Loans
Views: 5  |  Downloads: 0
Doubling Accomplishments-Selected Examples
Views: 2  |  Downloads: 0
Guidelines Human Subjects Protection and Inclusion
Views: 27  |  Downloads: 1
Comments 03-26-09[766]
Views: 3  |  Downloads: 0
NCUA's Express Chartering Procedure
Views: 15  |  Downloads: 0
January 2007 - December 2007
Views: 1  |  Downloads: 0
User Instructions
Views: 4  |  Downloads: 0
by registering with docstoc.com you agree to our
privacy policy
Close

You are almost ready to download!

close

You are almost ready to download!