Report File
Date Issued
Submitting OIG: Federal Reserve Board & CFPB OIG
Other Participating OIGs: Federal Reserve Board & CFPB OIG
Agencies Reviewed/Investigated: Board of Governors of the Federal Reserve System
Report Number: 2024-IT-B-020
Report Type: Audit
Agency Wide: Yes
Number of Recommendations: 9
Questioned Costs: $0
Funds for Better Use: $0
Report updated under NDAA 5274: No

Open Recommendations

This report has 9 open recommendations.
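Recommendation 1 (Significant Recommendation: Yes; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Develop a supply chain risk management strategy that includes (a) a supply chain risk appetite and tolerance, (b) an enterprise supply chain risk management governance structure, and (c) supply chain risk assessment processes that include migration strategies or controls.

Recommendation 2 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Document and implement a baseline review and escalation process for data loss prevention alerts.

Recommendation 3 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Reinforce the requirements for identifying and documenting system interconnections as part of the Board’s training on its cyber risk management application and require all relevant individuals to take the training.

Recommendation 4 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Evaluate and implement options to enforce the agency’s existing guidance related to identifying and documenting system interconnections.

Recommendation 5 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Develop and implement a mobile application scanning program that includes a vulnerability scanning solution and process to identify and remediate vulnerabilities.

Recommendation 6 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Ensure that the Board’s Incident Notification and Breach Response Plan is reviewed, tested and approved annually.

Recommendation 7 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Develop and implement a role-based privacy training program.

Recommendation 8 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Incorporate targeted phishing exercises into the Board’s security awareness and training program and processes.

Recommendation 9 (Significant Recommendation: No; Recommended Questioned Costs: $0; Recommended Funds for Better Use: $0)

Update the Board’s standard contract language in cloud service provider contracts to ensure that it is consistent with Federal Risk and Authorization Management Program’s Incident Communications Procedures incident reporting requirements.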
