OIG: Evaluation of the Board's Implementation of Splunk

If you are seeing this message, Javascript is disabled. Disclaimer for all external links found on this page: The Office of Inspector General (OIG) for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau does not necessarily endorse the views expressed or the facts presented on the external sites. The OIG does not endorse any commercial products that may be advertised or on the external sites. The OIG's privacy policy does not apply on the external sites. Please check the site for its privacy notice.

Skip to Navigation

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2018-IT-B-019R November 5, 2018

Splunk is the Board's primary security information and event management application. We evaluated the Board's implementation of the application in accordance with security best practices.

Overall, we found the Board implemented Splunk in line with security best practices. For example, Splunk forwarders are consistently installed on Board devices, and dashboards have been developed and implemented to monitor and validate that the agency's devices are forwarding data to Splunk correctly. However, we identified an opportunity to strengthen risk management controls.

Our report includes one recommendation to strengthen security as well as three matters for management's consideration related to account management, annual access validation, and self-signed certificates.

Given the sensitivity of our review, this report is restricted.

HOTLINE

IN THIS SECTION

Evaluation of the Board's Implementation of Splunk

available formats

Summary:

LINKS TO THE BOARD AND THE CFPB

HOTLINE

IN THIS SECTION

SHARE THIS PAGE

STAY CONNECTED

Evaluation of the Board's Implementation of Splunk

available formats

Summary:

LINKS TO THE BOARD AND THE CFPB

RELATED SITES AND RESOURCES