The Consolidated Appropriations Act, 20211 (CAA) requires the Federal Reserve Board (Board) to submit annually for seven years a report focused on cybersecurity to Congress. The CAA calls for a description of measures the Board has undertaken to strengthen cybersecurity within the financial services sector and with respect to the Board’s functions as a regulator, including the supervision and regulation of financial institutions and third-party service providers.
Pursuant to the CAA, this report is organized in three main sections covering the Board’s policies and procedures related to cybersecurity risk management, including with respect to the Board’s supervision and regulation of financial institutions, the Board’s administration of its internal information security program, and the Reserve Banks’ information security program.
Board activities to address cybersecurity risks, including those carried out through our supervision of financial institutions, through the Board’s own programs and initiatives, and through those of the Reserve Banks as a provider of critical payment and settlement services.
As described in the report, the Board views cybersecurity as a high priority for the Federal Reserve System and Board-supervised institutions. The Board and the Reserve Banks maintain robust information security programs and engage and coordinate on cybersecurity issues with numerous critical stakeholders including the federal banking agencies, other government agencies, and industry.
These efforts include actively monitoring cybersecurity threats and responding, as appropriate, to incidents that could affect the operations of the Board, the Reserve Banks, or super-vised institutions.
