Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2014-IT-B-021 December 18, 2014

Opportunities Exist to Improve the Operational Efficiency and Effectiveness of the Board's Information Security Life Cycle

available formats

Appendix C: Managementís Response

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF INFORMATION TECHNOLOGY

December 11, 2014

Mr. Mark Bialek 
Office of Inspector General 

Board of Governors of the Federal Reserve System 
Washington DC, 20551 

Dear Mark:

We have reviewed your report entitled "Audit of the Board's Security Lifecycle" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of 2002 (FISMA). The report evaluates the Board of Governors of the Federal Reserve System (Board) Security Lifecycle with the applicable FISMA and related information security policies, procedures, standards, and guidelines. We are pleased that your assessment recognized that the Board operates a comprehensive and effective information security lifecycle.

We agree with the three recommendations offered in your report. The Information Security Compliance Program is currently in the process of enhancing our automated compliance tool and plan to incorporate the areas for improvement defined in the report. Once the automated compliance tool is fully upgraded, we plan on using the system as the sole FISMA information system inventory and report generating tool. For the 2015 FISMA program year, the IT Security Compliance Unit plans on performing a reconciliation between existing policy documents and will look for opportunities to consolidate or provide further clarification to current policies and procedures. Overall, we view the findings identified as continuous improvement opportunities and will follow the suggestions for improvement. The Information Technology Division's Plan of Actions and Milestones will be updated to reflect these corrective actions.

We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.

Sincerely,

/signed/

Sharon Mowry
Director, Information Technology

cc:
Mr. Wayne Edmondson
Mr. Don Hammond
Mr. Andrew Patchan
Mr. Ray Romero
Mr. Charles Young