Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance Other Matter DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The College did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4(c)(5)
Questioned Costs: $-0-.
Context: The College has not implemented multi-factor authentication (MFA) on all systems containing personally identifiable information (PII).
Cause: The College is transitioning between student information systems so had not enabled the MFA on the legacy system.
Effect: The College has not adequately addressed the requirements of GLBA for the period under audit, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend the College implement MFA as soon as possible on any system containing PII.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.