1. What Is NCUA Connect?
NCUA Connect is NCUA’s new secure access portal for NCUA staff, credit unions, and State Supervisory Authorities. NCUA is piloting NCUA Connect in 2019 and is planning a broader rollout in 2020. Once operational, NCUA will add modernized applications to the portal for secure interaction and data submissions to NCUA and their state supervisory authorities, as applicable.
2. What Applications Will Be on NCUA Connect?
The initial launch of NCUA Connect will include NCUA’s modernized examination platform, the Modern Examination and Risk Identification Tool (MERIT). NCUA will add other applications, such as CU Online, as they are modernized.
3. How Do I Get Access to NCUA Connect?
Once the 2019 pilot is complete, each credit union and state supervisory authority will identify individuals authorized to add users for their organization. More information will be available once the pilot is complete.
4. What Information Security Measures Have Been Put in Place?
Security is of the highest importance to NCUA.
- Users will designate their multifactor authentication preferences during the account set-up process.
- NCUA Connect is designed with several user role options and embraces least privilege requirements providing secure access only to information within their purview.
- Data is encrypted in transit and at rest.
- Once a user has an approved NCUA Connect account, NCUA must approve access to specific applications.
5. What Are NCUA’s Information Security Requirements?
The NCUA exercises great care in protecting sensitive information such as personally identifiable information and its information systems. As a federal agency, the NCUA must comply with security standards for federal information and information systems. All systems operated by the NCUA must meet the minimum information security requirements established by the National Institute of Standards and Technology. In addition to NIST standards and guidelines, the NCUA is subject to federal statutes such as the Federal Information Security Modernization Act of 2014, the E-Government Act of 2002, the Privacy Act of 1974 and various OMB policies and guidance concerning federal information management, FISMA reporting, and privacy.
The NCUA uses administrative, technical, and physical controls, including but not limited to: assessment and authorization of information systems; proactive threat assessments and continuous monitoring; and annual general and role-based security training for employees and contractors.
The Office of the Inspector General conducts independent audits, investigations and other activities to verify the NCUA’s compliance with applicable standards, laws and regulations related to privacy and information security. The derived reports are used to keep the NCUA Board and U.S. Congress informed of any deviation from requirements.