The CNBV has not inventoried sensitive information from its systems or those of service providers, ASF indicated.
The National Banking and Securities Commission (CNBV), responsible for regulating, supervising and sanctioning entities in the financial system, shows weakness in critical cybersecurity controls.
Five cybersecurity areas (25%) are rated red, meaning they lack control because their compliance level is below 30%, the Superior Audit Office of the Federation (ASF) found.
These controls are: data protection, hardware assets, penetration testing, security awareness program, and need-to-know access.
In terms of data protection, it has no inventory of sensitive information stored, processed or transmitted by its systems or those it has with service providers.
In addition, it lacks a methodology to classify critical data and assets, the ASF said.
“There is no automated tool at the network perimeter to monitor the unauthorized transfer of sensitive information.
“Despite network monitoring, there are no mechanisms in place to detect unauthorized use of data encryption,” it stated.
Similarly, another eight (40%) CNBV cybersecurity controls are in yellow, as they require strengthening.
These controls include software assets, perimeter security, incident response and management, monitoring and account control, and wireless access control.
They also include the controlled use of administrative privileges; the maintenance, monitoring and analysis of audit logs; and the restriction and control of ports, protocols and services.
It does not have centralized authentication
Regarding monitoring, the ASF noted that the CNBV does not have a centralized authentication point for network, security and cloud systems.
“Highly privileged administration accounts do not use multi-factor authentication.
There is no automated process for revoking access to systems immediately following termination or change of responsibilities. No alerts are generated for deviation from normal login behavior,” it explained.
In only 35% of the controls did the CNBV reach an acceptable level of compliance.
To assess cybersecurity, the Audit Office used the CIS framework, which refers to the Center for Internet Security’s Critical Security Controls, for critical ICT infrastructure.
That is, the data center, telecommunications, perimeter security, development environments and access controls.