Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2014-IT-B-019 November 14, 2014

2014 Audit of the Board's Information Security Program

available formats

Appendix B: Management's Response

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
 

DIVISION OF INFORMATION TECHNOLOGY
 

November 5, 2014

Mr. Mark Bialek
Office of Inspector General
Board of Governors of the Federal Reserve System
Washington DC, 20551

Dear Mark:

We have reviewed your report entitled "2014 Audit of the Board's lnformation Security Program" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of2002 (FlSMA). The report evaluates the Board of Governors of the Federal Reserve System (Board) with FISMA and related information security policies, procedures, standards, and guidelines. The report also addresses remediation efforts the CIO has undertaken to address recommendations made by the Inspector General FISMA reports in prior years. We are pleased that your assessment continues to recognize that the Board operates a comprehensive and effective information security program and recognizes the progress we continue to make to enhance the program.

We agree with the one recommendation offered in your report. We intend to take immediate action to address the recommendation. This includes continuing to manually collect quarterly POA&M reports from the Offices and Divisions until the automated POA&M tracking process is fully implemented. ln order to address the two open recommendations from previous reports, we will continue to enhance the Continuous Monitoring Program that was implemented in 2014. In addition, while actions were taken to mitigate the risk identified related to third parties, we will continue to enhance the Third Party Risk Management Program to make it more efficient and effective. The Information Technology Division's Plan of Actions and Milestones will be updated to reflect these corrective actions.

We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.

Sincerely,
/signed/
Sharon Mowry
Director, Information Technology

cc:

Mr. Andrew Patchan
Mr. Wayne Edmondson
Mr. Ray Romero