- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
Board Report: 2018-IT-B-019R November 5, 2018
Splunk is the Board's primary security information and event management application. We evaluated the Board's implementation of the application in accordance with security best practices.
Overall, we found the Board implemented Splunk in line with security best practices. For example, Splunk forwarders are consistently installed on Board devices, and dashboards have been developed and implemented to monitor and validate that the agency's devices are forwarding data to Splunk correctly. However, we identified an opportunity to strengthen risk management controls.
Our report includes one recommendation to strengthen security as well as three matters for management's consideration related to account management, annual access validation, and self-signed certificates.
Given the sensitivity of our review, this report is restricted.