2013 Audit of the Board's Information Security Program

November 7, 2013

Mr. Mark Bialek 
Office of Inspector General 
Board of Governors of the Federal Reserve System 
Washington DC, 20551 

Dear Mark:

We have reviewed your report entitled "2013 Audit of the Board's Information Security Program" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of 2002 (FISMA). The report evaluates the Board of Governors of the Federal Reserve System (Board) with FISMA and related information security policies, procedures, standards, and guidelines. The report also addresses remediation efforts the CIO has undertaken to address recommendations made by the Inspector General FISMA reports in prior years. We are pleased that your assessment continues to recognize that the Board operates a comprehensive and effective information security program and recognizes the progress we continue to make to enhance the program.

We agree with the two recommendations offered in your report. We intend to take immediate action to address each of these recommendations. This includes continuing to implement and mature the Board's Continuous Monitoring Program. In addition, we will be reviewing the Board's security training program for individuals with significant security responsibilities to ensure it adequately addresses the Board's information security training requirements. The Information Technology Division's Plan of Actions and Milestones will be updated to reflect these corrective actions.

We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.

Sincerely,

/signed/

Sharon Mowry
Director, Information Technology