The Federal Reserve Board issued a 47-page document Monday designed to help banks ensure the integrity, availability, and confidentiality of information moved electronically.
While not a regulation, the guidelines outline steps banks should take to protect computer networks.
For example, the Fed advised banks to establish comprehensive information security programs, paying special attention to internal network security. Confidential information needs to be encrypted, the Fed said.
In addition, banks should conduct "rigorous" background checks of all employees with access to sensitive information, such as systems administrators and telecommunications support staff.
The Fed also warned banks to carefully construct their Internet sites. "As more products and services are offered via the Internet, the opportunities for attack increase," the Fed said.
The "sound practice guidance," as the Fed labeled the document, was developed by staff at the Federal Reserve Bank in New York who consulted with 34 financial services companies, accounting firms, security specialists, and other industry-related organizations. The results were validated by staff at the Federal Reserve banks of Chicago and San Francisco.