Board Report: 2014-IT-B-021 December 18, 2014
December 11, 2014
Mr. Mark Bialek
Office of Inspector General
Board of Governors of the Federal Reserve System
Washington, DC 20551
Dear Mark:
We have reviewed your report entitled "Audit of the Board's Security Lifecycle" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of 2002 (FISMA). The report evaluates the Board of Governors of the Federal Reserve System (Board) Security Lifecycle with the applicable FISMA and related information security policies, procedures, standards, and guidelines. We are pleased that your assessment recognized that the Board operates a comprehensive and effective information security lifecycle.
We agree with the three recommendations offered in your report. The Information Security Compliance Program is currently in the process of enhancing our automated compliance tool and plans to incorporate the areas for improvement defined in the report. Once the automated compliance tool is fully upgraded, we plan on using the system as the sole FISMA information system inventory and report-generating tool. For the 2015 FISMA program year, the IT Security Compliance Unit plans on performing a reconciliation between existing policy documents and will look for opportunities to consolidate or provide further clarification to current policies and procedures. Overall, we view the findings identified as continuous improvement opportunities and will follow the suggestions for improvement. The Information Technology Division's Plan of Actions and Milestones will be updated to reflect these corrective actions.
We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General, and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.
Sincerely,
/signed/
Sharon Mowry
Director, Information Technology