1.1.2: Information Security
Identify and perform programmatic audits, inspections, and evaluations on information security topics.
Other Information:
The Board's information security program. FISMA requires agencies to ensure the effectiveness of information security controls
over information resources that support federal operations and assets. FISMA requires that each agency develop and implement
an agency-wide program to provide information security throughout the life cycle of all agency systems, including systems
managed on behalf of the agency by another agency, a contractor, or another source. FISMA also requires that each OIG conduct
an annual independent evaluation of its respective agency's information security program and practices. The evaluation is
designed to test the effectiveness of controls and techniques for a representative subset of the agency's information systems
and to assess compliance with FISMA requirements. In April 2010, the Office of Management and Budget (OMB) issued new reporting
requirements for OIGs' analysis of their respective agency's information security management performance, to include the following
areas: certification and accreditation, continuous monitoring, plans of action and milestones, account and identity management,
remote access, security configuration management, security training, contractor oversight, contingency planning, and incident
response and reporting. To optimize our IT resources, we will continue to rotate our review of the major systems maintained
by the Board, as well as the Federal Reserve Bank systems used in support of Board programs and operations. We will also identify
and perform programmatic audits, inspections, and evaluations on information security topics to help fulfill our statutory
requirement to evaluate the Board's overall security program and practices and to respond to areas of interest identified
by OMB as part of its annual reporting guidance.
Indicator(s):