OIG: Security Control Review of Contingency Planning Controls for the Information Technology General Support System

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: December 1, 2012

To evaluate the security controls and techniques of the information systems of the Board, the Office of Inspector General reviews controls over Board applications and selected security controls provided by the Board's general support systems (GSS) on an ongoing basis. Consistent with the requirements of the Federal Information Security Management Act of 2002 (FISMA), we conducted a security control review of the contingency program controls provided by the GSS, which is supported by the Division of Information Technology (IT)-IT GSS.

Our objective was to determine whether the Board is maintaining a contingency program for the IT GSS that is generally consistent with related National Institute of Standards and Technology (NIST) and Office of Management and Budget (OMB) Federal Information Security Management Act of 2002 (FISMA) guidance. To accomplish this objective, we developed a tailored control assessment review program based on the security controls defined in NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations.

Overall, we found that the Board has established and is maintaining a contingency program for the IT GSS that is generally consistent with NIST and OMB FISMA requirements. The Board has invested resources in the areas of hardware, mainframe computing, network bandwidth, equipment, and other logistical necessities to sustain operations at the contingency site. In addition, the Board continues to conduct semiannual contingency tests of its mission-critical applications. Although we did not identify any significant discrepancies, we found opportunities to strengthen the IT GSS contingency planning.

Management generally agreed with our recommendations and discussed corrective action that has already been completed, is underway, or is planned. We plan to conduct additional work in the area of continuity of operations and contingency planning across divisions, and we will follow up on the implementation of each recommendation as part of our future audit activities related to the Board's continuing implementation of FISMA. Given the sensitivity of information security review work, our reports in this area are generally restricted.

HOTLINE

IN THIS SECTION

Security Control Review of Contingency Planning Controls for the Information Technology General Support System

available formats

Report Summary

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

Security Control Review of Contingency Planning Controls for the Information Technology General Support System

available formats

Report Summary

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES