Security Control Review of the Federal Reserve Integrated Records Management Architecture

We completed a security control review of the Federal Reserve Integrated Records Management Architecture (FIRMA) as part of our information security-related requirements under the Federal Information Security Management Act (FISMA). Our objective, was to evaluate the adequacy of control techniques in place for protecting FIRMA from unauthorized access, modification, destruction, or disclosure. To accomplish this objective, we developed a control assessment tool based on the security controls defined in the National Institute of Standards and Technology Special Publication 800-53 Rev. 1 (SP 800-53).

Our review showed that information security controls over FIRMA need to be strengthened in four of the seventeen control families. Our restricted report to management contained seven recommendations to improve controls. We will follow-up on the implementation of the recommendations as part of our future audit activities related to the Board’s continuing implementation of FISMA.