Agency Says TSP Participants to Receive 2-Factor Authentication

/by Admin
TSP millionaire by Bill Eager

Over 5.2 million participants in the Thrift Savings Plan will benefit from tight security measures that will be available on their online TSP accounts.

According to the agency that administers the TSP, the Federal Retirement Thrift Investment Board says that the implementation of two-factor authentication is underway for its participants accessing their online accounts.

According to an email by TSP spokesman David Toro to Federal News Network, the agency aims to have the system in place at the end of fiscal year.

Toro added that for the FRTIB, the project is its first priority since participants have been demanding to have a two-factor authentication to ensure their online TSP accounts have tight security measures.

At the moment, participants can only access their online accounts by entering their user ID and password. The FRTIB has recently added more features that enable participants to reset their online accounts passwords. The only way it could have been done previously was by over the participant’s phones.

Cybersecurity is a tough barrier to the majority of agencies across for the FRTIB. The systems are mostly under the threat of hackers accessing their personal information, and of the 123,000 participants, it was done through exploiting a 2012 board’s contractors.

To TSP participants, the addition of two-factor authentication is essential since the majority of them have been affected by two massive data breaches in 2015 at the Office of Personnel Management.

The FRTIB continued the effort to enhance its plan for addressing security and the increasing number of audit recommendations in the agency, which is a part of the two-factor authentication project.

Based on the TSP’s count, at the end of fiscal 2018, the agency will have 341 open audit recommendations. Among the two open recommendations in the agency, they date back to 2007, and as from 2016, 150 of them have not been met.

Since FRTIB is a small agency, it does not have an inspector general responsible for offering up recommendations. The Labor Department and independent consultation firms evaluate several areas such as the agency financial status, Federal Information Security Management Act (FISMA) compliance and performance of funds.

According to Ravi Deo, the Executive Director at FRTIB, he highlights that the agency is aiming to close about 30 audit recommendations at every quarter and they have a goal to close over 120 by the end of the coming fiscal year.

To achieve the goals, Deo highlights that they have a plan that is aggressive to closing audit recommendations at a faster rate compared to the previous period.

The FRTIB Office of Enterprise Risk Management and that of Technology Services have reviewed each of the 341 open recommendations. The score assigned is either critical, high, moderate or low. According to Deo, at the beginning of the month during the FTRTIB board meeting, he said that other new recommendations are in plan or progress.

A risk ranking will be assigned to each one by the agency once FRTIB has received and reviewed the audit with its findings. Deo highlights that findings with a rating of critical or high, the FRTIB will determine what will be done immediately to remediate them. The agency is hoping to develop multiple active plans for findings that have low-risk rankings.

Deo pointed out several signs on how security is improving at the FRTIB. There are no FRTIB vulnerabilities found by the Homeland Security Department at its National Cybersecurity Assessment and Technical Services that was tested in the past six months according to Deo.

New CISO compliance branch chief hired by FRTIB

In June, the agency hired a new chief information security officer while in September it hired an audit and compliance branch chief.

The plans to implementing two-factor authentication for TSP participants were cited by the FRTIB as part of auditing the finding remediation and plans to have security enhancement.

Also on the FRTIB bucket list is implementing an insider threat program that is formalized. The agency currently is lacking an insider threat program according to the March audit report that was made public earlier during the month by the Labor Department’s Employee Benefits Security Administration.

According to the audit, the agency is yet to implement controls for monitoring, preventing and detecting insider threats to the TSP.

A process to establish and evaluate the issue of insider threat continually has not been developed and implemented by the agency. Due to the controls required for identifying and monitoring infrastructure, these components have high-risk in physical and logical areas. The audit highlights that the agency has not assessed the requirement for insider threat training that is risk-specific. The weaknesses are present since the agency has not reached its formative stages to develop an insider threat program.

Deo highlights that in response to findings from the audit, the FRTIB plans to implement by August 2019 an insider threat program.

retirement benefits

Other Admin Articles

Critical Aspects of TSP Installments Sponsored By:Jeff Boettcher

10 Ways to Boost Your Retirement Savings - Regardless of Your Age

Ways to Catch Up on Retirement

Learn How to Live a Retirement That’s Worth Saving for

Leave a Reply



TSP & Retirement

Is TSP 2020 the Scariest Roller-Coaster Ride or a Merry-go-Round? By: Marvin Dutton

TSP Approves Budget for 2022 Fiscal Year. By: Aaron Steele

Social Security Benefits Might See the Largest Increase Since 1983

View All

Related Posts