Summary

This report presents the results of a review by International Business Machines (IBM) Business Consulting Services (hereafter referred to as IBM), an independent professional services firm engaged by the Office of Inspector General (OIG) to support its efforts to satisfy reporting requirements related to the Federal Information Security Management Act of 2002.

The objective of the review was to determine whether the FDIC has established and implemented effective controls over its personnel security program. The scope of the review focused on FDIC’s personnel security program for employees. Audit work relating to FDIC’s personnel security program for contractors was limited to gaining an understanding of the program. IBM concluded that the FDIC’s Division of Administration (DOA) has made improvements in the Corporation’s personnel security program, but additional work is needed to strengthen controls over data used to manage the program.

Recommendations

IBM made multiple recommendations to the Director, DOA, to improve the accuracy of the data used to manage the FDIC’s personnel security program.

Management Response

DOA’s response adequately addressed all the conditions discussed in the report. This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.