The CNBV has not inventoried sensitive information from its systems or those of service providers, ASF indicated.
The National Banking and Securities Commission (CNBV) , responsible for regulating, supervising and sanctioning entities in the financial system, shows weakness in critical cybersecurity controls.
There are five cybersecurity areas (25%) in red light, which lack co telegram database users list ntrol because they have a compliance level of less than 30%, identified the Superior Audit Office of the Federation (ASF) .
These controls are: data protection, hardware assets, penetration testing, security awareness program, and need-to-know access.
In terms of data protection
it has no inventory of sensitive information stored, processed or transmitted by its systems or those it has with service providers.
In addition, it lacks a methodology to classify critical data and assets, the ASF said.
“There is no automated tool at the network perimeter to monitor the unauthorized transfer of sensitive information.
“Despite network monitoring, there are no mechanisms in place to detect unauthorized use of data encryption .”
Held.
Similarly, another eight (40%) CNBV cybersecurity controls are in yellow, as they require strengthening.
These controls include software assets, perimeter security, incident response and management, monitoring and account control, and wireless access control.
As well as the controll e of administrative privileges, maintenance, monitoring and analysis of audit logs, and the restriction and control of ports, protocols and services.
Regarding monitoring, the ASF noted that the CNBV does not have a centralized uk data authentication point for network, security and cloud systems.
“Highly privileged administration accounts do not use multi-factor authentication.
There is no automated process for
revoking access to systems immediately following termination or cha it’s important to note here that nge of responsibilities. No aler deviation from normal login behavior
He explained.
Only 35%, the CNBV reached an acceptable level of compliance.