Veracode GLBA Compliance Solution
The Gramm-Leach-Bliley Act (GLBA) of 1999 is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies. GLBA includes provisions to protect consumers’ personal financial information held by financial institutions as described in section 501(b) – Financial Institution Safeguards as follows
- Ensure the security and confidentiality of customer records and information
- Protect against any anticipated threats or hazards to the security or integrity of such records
- Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer
As part of its implementation of GLBA, the Federal Trade Commission (FTC) issued the Privacy Rule and the Safeguards Rule, which require financial institutions under its jurisdiction to design, implement and maintain an information security program to protect the privacy and integrity of customer data. Additionally, financial institutions may be subject to GLBA enforcement from seven other authorities depending on their jurisdiction. To simplify interagency enforcement, the Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with GLBA.
Software Security and GLBA
According to Gartner, 75 percent of all new attacks are directed at software applications. With applications controlling access to sensitive customer financial information, application security testing plays a critical role in safeguarding customer data. In fact, the FFIEC has incorporated application security guidelines in its security handbook and advises financial institutions that “information security is a critical part of internally and externally developed software” in its guide to Software Development and Acquisition.
Veracode Helps Financial Institutions Achieve GLBA Compliance
Veracode’s on-demand application security testing solution allows financial institutions to quickly and cost-effectively meet GLBA compliance as part of their overall security program to protect customer information. Independent testing against industry benchmarks allows organizations to demonstrate to auditors that they are compliance with relevant sections of GLBA following the recommended interagency guidelines using the FFIEC Information Security Handbook:
- Risk Assessment - Veracode application testing allows organizations to assess risks and vulnerabilities in software that handles private customer information. Learn More...
- Information Security Strategy – Implement outsourced security testing with Veracode to obtain greater expertise, range of service and lower costs as part of FFIEC recommended strategies. Learn More…
- Security Controls Implementation – Veracode enables financial organizations meet FFIEC requirements for code review, securing software development and acquisition.
- Security Monitoring – Comply with requirements for periodic assessments for technical vulnerabilities and penetration testing by an independent organization that specializes in application security testing such as Veracode. Learn More…