Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.379-Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The College did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $-0-
Context: The College has not implemented multi-factor authentication (MFA) on all systems containing personally identifiable information (PII) and fully documented its vendor management program, including updates to the board on vendors that do not meet the College’s security requirements.
Cause: The College has put forth significant effort to comply with the updated regulations. One system does not allow MFA natively, and the College is exploring options to improve its security related to this system. As part of this review, the College is working to vet all potential vendors related to this system's business functions and will be providing updates to the board.
Effect: The College may have unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.