- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF INFORMATION TECHNOLOGY
November 5, 2014
Mr. Mark Bialek
Office of Inspector General
Board of Governors of the Federal Reserve System
Washington DC, 20551
We have reviewed your report entitled "2014 Audit of the Board's lnformation Security Program" prepared as part of your office's oversight responsibilities pursuant to the Federal Information Security Management Act of2002 (FlSMA). The report evaluates the Board of Governors of the Federal Reserve System (Board) with FISMA and related information security policies, procedures, standards, and guidelines. The report also addresses remediation efforts the CIO has undertaken to address recommendations made by the Inspector General FISMA reports in prior years. We are pleased that your assessment continues to recognize that the Board operates a comprehensive and effective information security program and recognizes the progress we continue to make to enhance the program.
We agree with the one recommendation offered in your report. We intend to take immediate action to address the recommendation. This includes continuing to manually collect quarterly POA&M reports from the Offices and Divisions until the automated POA&M tracking process is fully implemented. ln order to address the two open recommendations from previous reports, we will continue to enhance the Continuous Monitoring Program that was implemented in 2014. In addition, while actions were taken to mitigate the risk identified related to third parties, we will continue to enhance the Third Party Risk Management Program to make it more efficient and effective. The Information Technology Division's Plan of Actions and Milestones will be updated to reflect these corrective actions.
We appreciate the professionalism and courtesies provided by the staff of the Office of the Inspector General and we look forward to working with your office in the future. Thank you for the opportunity to provide comments on this report.
Director, Information Technology
Mr. Andrew Patchan
Mr. Wayne Edmondson
Mr. Ray Romero