Board Report: 2014-IT-B-021 December 18, 2014
OFFICE OF INSPECTOR GENERAL
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
CONSUMER FINANCIAL PROTECTION BUREAU
December 18, 2014
Sharon Mowry
Chief Information Officer and Director, Division of Information Technology
Board of Governors of the Federal Reserve System
Andrew Patchan Jr. /signed/
Associate Inspector General for Information Technology
OIG Report No. 2014-IT-B-021: Opportunities Exist to Improve the Operational Efficiency and Effectiveness of the Board’s Information Security Life Cycle
The Office of Inspector General has completed its report on the subject audit. We conducted this audit to assess the Board of Governors of the Federal Reserve System’s (Board) processes to meet Federal Information Security Management Act of 2002 (FISMA) requirements for security categorization, certification and testing, security plans, and accreditation of its information systems. In addition, we reviewed how the Board compiles its FISMA documents and review activities within the online commercial-off-the-shelf tool. Lastly, we analyzed the Board’s recently adopted risk management framework document against National Institute of Standards and Technology guidance.
We provided a draft of our report for review and comment. In your response, you outlined actions that will be taken to address our recommendations. We have included your response as appendix C to our report.
We appreciate the cooperation we received from Board personnel during our review. Please contact me if you would like to discuss this report or any related issues.
Donald Hammond, Chief Operating Officer
Raymond Romero, Chief Privacy Officer
Charles Young, Information Security Officer
William Mitchell, Chief Financial Officer
J. Anthony Ogden, Deputy Inspector General
Matthew Simber, OIG Manager for Policy, Planning, and Quality
Assurance