Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.379 - Student Financial Assistance Cluster
Federal Award Identification #: 2023-2024 Award Year
Condition: The College did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $0
Context: The College had not implemented multi-factor authentication (MFA) on all systems containing personally identifiable information (PII) during the fiscal year to comply with 16 CFR 314.4(c)(5). Subsequent to year-end, all but one system has MFA added.
Cause: For the system that did not allow MFA natively in the prior year, a new system was identified, and the College moved to the new system shortly after fiscal year end. There is one additional system that the College is working to implement MFA as soon as possible. We commend the College for the substantial work done during the year.
Effect: The College may have unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Yes, 2023-003
Recommendation: We recommend the College implement MFA on the one remaining system.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.