Board Report: 2022-IT-B-015 November 9, 2022
The Board established the Main Street Lending Program and the Secondary Market Corporate Credit Facility to help certain businesses, nonprofits, and employers through the COVID-19 pandemic. We assessed processes for managing cybersecurity risks for third-party vendors supporting the MSLP and SMCCF.
Overall, we found that Federal Reserve System officials quickly established vendor contracts that generally met cybersecurity best practices. However, we identified ways to strengthen third-party cybersecurity risk management processes for future scenarios and found that Board and Federal Reserve Bank information security program policy requirements for vendor risk management do not fully align.
