FFIEC Issues OpenSSL “Heartbleed” Vulnerability Alert

The Federal Financial Institutions Examination Council (FFIEC) has issued an advisory to its member institutions advising a material security vulnerability in the OpenSSL cryptographic library that may put systems that use this encryption method at risk. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols commonly used to protect data in transit.

The FFIEC is specifically advising financial institutions to take the following steps with respect to their third party service providers:

  • Monitor the status of their vendors’ efforts;
  • Identify and upgrade vulnerable internal systems and services; and
  • Follow appropriate patch management practices3 and test to ensure a secure configuration.

Read full press release here