If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2015-IT-B-001 January 30, 2015

Audit of Planned Physical and Environmental Controls for the Board’s Data Center Relocation

available formats

Executive Summary:
PDF | HTML
Full Report:
PDF (2 MB) | HTML

Appendix B: Management's Response

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF INFORMATION TECHNOLOGY

January 12, 2015

Mr. Mark Bialek
Office of Inspector General
Board of Governors of the Federal Reserve System
Washington DC, 20551

Dear Mark:

We have reviewed your report entitled "Audit of Planned Physical and Environmental Controls for the Board's Data Center Relocation" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of 2002 (FISMA). The report evaluates the planned physical and environmental controls for the Board's data center against the Board's Information Security Program's control requirements. We are pleased that your assessment recognized that the Board is continuing to follow a structured approach to planning and executing the relocation of the data center, and Board staff are actively engaged in the planning and decision making for the project.

We agree with the one recommendation offered in your report. The Board has worked closely with the 5th District to identify the security controls that the Board Data Center will be inheriting from the Bank. The 5th District has provided the SAFR security plans defining how the inherited controls are met and the relevant supporting evidence. The Board ISO has compared the control implementations to the Board's security requirements and identified any risks incurred by relying on SAFR. The Board ISO will work with the 5th District to address identified risks and ensure the controls are appropriately documented in a security plan. Based on the risk assessment performed, the Board ISO is confident in relying on the 5th District for providing the inherited controls under SAFR.

We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.

Sincerely

/signed/

Sharon Mowry

Director, Information Technology

cc: Mr. Donald Hammond
     Mr. Wayne Edmondson
     Mr. Andrew Patchan
     Mr. Ray Romero
     Mr. Charles Young

HOTLINE

IN THIS SECTION

Audit of Planned Physical and Environmental Controls for the Board’s Data Center Relocation

available formats

Executive Summary:

Full Report:

Appendix B: Management's Response

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

Audit of Planned Physical and Environmental Controls for the Board’s Data Center Relocation

available formats

Executive Summary:

Full Report:

Appendix B: Management's Response

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES