2.1.6: Information Systems & Security

Employ our control assessment tool to review the Board's information technology platforms.

Other Information:

Information systems and security. Under FISMA, the Bureau must develop and implement an agency-wide program to provide information security throughout the life cycle of all agency automated systems. FISMA also requires that each OIG perform an annual independent evaluation of its respective agency's information security program and practices. Each agency head must submit the results of the OIG's independent evaluation—along with the agency's reports of the adequacy and effectiveness of information security policies, procedures, and practices—to the director of OMB on an annual basis. To meet the FISMA control testing requirement for the Bureau, the OIG will employ the control assessment tool it uses to review the Board's information technology platforms. Moreover, the OIG will assess some of the security controls that affect Bureau-wide operations and identify and perform programmatic audits, inspections, and evaluations on information security topics in accordance with our statutory requirement. Because the Bureau will collect a significant amount of consumer data in newly designed and implemented IT systems, appropriate security controls for the handling and transmission of consumer data must be implemented. As part of our FISMA-mandated work, we will focus on the major information systems that collect, employ, and maintain sensitive consumer information.

Stakeholder(s):

• Federal Reserve Board

Indicator(s):

Indicator:1

Content