2023 Audit of the Board’s Information Security Program

Date Issued

Friday, September 29, 2023

Submitting OIG

Federal Reserve Board & CFPB OIG

Other Participating OIGs

Federal Reserve Board & CFPB OIG

Agencies Reviewed/Investigated

Board of Governors of the Federal Reserve System

Report Number

2023-IT-B-015

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 7 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Prioritize the definition and incorporation of a cybersecurity risk tolerance into the agency's cybersecurity policies, procedures, and processes, as appropriate.
2	No	$0	$0
Ensure all required attributes are consistently documented within the agency's cybersecurity risk register.
3	No	$0	$0
Document and implement a process to consistently inventory the Board's web applications, including its public-facing websites.
4	No	$0	$0
Document and implement a process to consistently inventory and prioritize the Board's third-party systems, including the identification of subcontractors.
5	No	$0	$0
Enforce the agency's iOS Update and Device Inactivity Policy to ensure that agency services are denied to mobile devices that are out of compliance.
6	No	$0	$0
Develop, document, and implement a process to review and update the Board's privacy impact assessments.
7	No	$0	$0
Ensure that the process to update privacy impact assessments is adequately resourced for effective implementation.