Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379-Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The University did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $-0-
Context: The University has not implemented multi-factor authentication on all systems containing personally identifiable information (PII), implemented all required safeguards under the revised legislation, and implemented a frequency of reviews on critical vendors.
Cause: The University has made significant progress in addressing and documenting compliance with the updated requirements of GLBA and has a couple of remaining areas on the road map to complete.
Effect: The University may have unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable
Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.