Effective January 29, 2018, the Federal Reserve Banks updated security controls for the FedLine Advantage®, FedLine Command®, FedLine Direct® and Check 21 Large File Delivery Solutions as part of our ongoing commitment to security. As impacted organizations prepare to comply by October 1, 2018, we want to remind you of the answers to some frequently asked questions.
FedLine Advantage, FedLine Command, FedLine Direct and Check 21 Large File End User Authorization Contacts (EUACs) are responsible for ensuring that their organizations and staff comply with the updated security controls by October 1, 2018.
Q: Do these updated security controls impact my organization?
A: The updated security controls apply to the FedLine Advantage, FedLine Command, FedLine Direct and Check 21 Large File Delivery Solutions. FedLine Web® customers are not impacted at this time.
Q: Where can I find the updated security controls?
A: Effective January 29, 2018, we updated FedLine and Check 21 Large File Delivery documentation to reflect the new security controls. The new and updated security controls cover the following topics:
- PC and Operating System Controls
- Server and Middleware Controls
- Device Controls
- Network Controls
- Operational Controls
Updated FedLine Advantage documents are available to FedLine Advantage EUACs via the EUAC Center within FedLine Home. FedLine Command, FedLine Direct and Check 21 Large File Delivery documents were distributed via email to EUACs responsible for these FedLine Solutions the week of January 29, 2018. Please work with your organization’s EUACs to review the documents.
Q: What has changed?
A: The beginning of each updated document features a “Document Change Notes” section. This section includes a summary of the controls that have been added or modified since the previous version of the document.
Q: Why has FedLine added new security controls?
A: As the threat landscape evolves, the Federal Reserve Banks continually review our FedLine security controls to help ensure that they address new and changing risks. Financial institutions are prime targets for fraudsters, and recent high-profile cases have justified the need to further secure environments that support critical payment activity. Additionally, federal and regulatory agencies have published similar controls as best practices aimed to improve the security posture of financial institutions. Our new security controls are designed to align with industry best practices and are critical for FedLine Solutions to maintain their high-level security posture.
Q: How will our compliance with the updated security controls be monitored?
A: At this time, the Federal Reserve Banks are not requesting compliance information from organizations. Bear in mind, as always, audit and regulatory organizations may choose to include your compliance against these policies and controls as part of their reviews. Compliance with our security controls is your legal obligation under Operating Circular 5, which contains the terms and conditions that apply to the use of the Federal Reserve Banks’ electronic connections.
Q: Where can I find more information?
A: Regarding your FedLine connection, EUACs are the primary contacts between your organization and the Federal Reserve Banks. EUACs and senior leaders at impacted organizations have received multiple emails about the updated security controls. We encourage you to work with your EUACs and technical staff to review the updated documentation and determine what changes your organization needs to make. If you have questions, please contact your account executive or the Customer Contact Center.