OIG: 2025 Audit of the Board's Information Security Program

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2025-IT-B-011R October 31, 2025

Each year, we audit the Board's information security program as required by the Federal Information Security Modernization Act.

The maturity level of the Board's information security program has decreased since last year, leading us to conclude the program is no longer effective. Challenges in cybersecurity governance, coupled with opportunities to strengthen cybersecurity profiles, mobile device security, and information classification for confidential supervisory information, contributed to the decline.

We are making 3 new recommendations to strengthen the Board's information security program. In addition, the Board has addressed 4 recommendations from our previous FISMA audits, leaving 18 previous recommendations that remain open. Given the sensitivity of the information in our review, portions of the public version of this report have been redacted.

HOTLINE

IN THIS SECTION

2025 Audit of the Board's Information Security Program

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

2025 Audit of the Board's Information Security Program

available formats

Summary:

Full Report:

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES