Board Report: June 24, 2010

Security Control Review of the Lotus Notes and Lotus Domino Infrastructure


To evaluate the security controls and techniques of the information systems of the Board, the OIG reviews controls over associated major applications on an ongoing basis. Consistent with the requirements of the Federal Information Security Management Act of 2002 (FISMA), we conducted a security control review of the Board’s Lotus Notes and Lotus Domino infrastructure. The Lotus Notes and Lotus Domino infrastructure is a component of the general support system supported by the Board’s Division of Information Technology. The general support system infrastructure provides network and general computing capabilities for the Board’s end-user community. The Lotus Notes application provides users with access to e-mail, calendar, and other databases that reside in a Lotus Domino server environment.

Our audit objective was to evaluate the adequacy of selected security controls for protecting the Lotus Notes and Lotus Domino infrastructure from unauthorized access, modification, destruction, or disclosure. To accomplish our objective, we developed a control assessment methodology based on the security controls identified in the National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems. This document provides a baseline of security controls for organizations to use in protecting their information systems. The controls are divided into 17 “families,” such as access control, risk assessment, and personnel security.

Overall, the audit showed that controls were generally well designed and well implemented. However, we found opportunities to strengthen information security controls in the control families that we evaluated. For those control families where control objectives were not met, we identified the aspect of the control that was deficient or where improvements could be made, and we highlighted the recommended actions. The Director of the Division of Information Technology generally agreed with our recommendations and identified corrective actions that have been taken, are under way, or are planned to enhance the specific controls highlighted in the report. We will follow up on the implementation of the recommendations as part of our future audit activities related to the Board’s continuing implementation of FISMA. Given the sensitivity of information security review work, our reports in this area are generally restricted.