The Federal Financial Institutions Examination Council agencies have issued the following statement for financial institutions about the end of support for Windows XP and regulatory guidance for addressing the risk from its continued use.
The Federal Financial Institutions Examination Council (FFIEC) agencies (“agencies”) are jointly issuing this statement to alert financial institutions that the discontinuation of support for the Microsoft Windows XP operating system (XP) could present operational risks to financial institutions, technology service providers (TSPs), and to activities supported by other third parties. The agencies expect financial institutions and TSPs to identify, assess, and manage these risks to ensure that safety, soundness, and the ability to deliver products and services are not compromised.
Microsoft will discontinue extended support for XP effective April 8, 2014. After this date, Microsoft will no longer provide regular security patches, technical assistance, or support for XP. Financial institutions, TSPs, and other third parties that use XP in personal computers, servers, and purpose-built devices such as automated teller machines (ATM), or that are dependent on applications that require use of XP could be exposed to increased operational risk.
Potential problems include degradation in the delivery of various products and services, application incompatibilities, and increased potential for data theft and unauthorized additions, deletions, and changes of data. Additionally, financial institutions and TSPs that are subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and continue to use XP after April 8, 2014, may no longer be compliant.
Financial institutions and TSPs that use XP should follow their risk management processes to address the risk from the continued use of XP, consistent with the risk management guidance contained in the FFIEC Information Technology (IT) Examination Handbook.
Important considerations include
The PDF version of the original statement is available here on the FFIEC website.
Cyber threats never take a day off, never clock out and go home at the…
Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…