The Division of Information Technology (DIT) is pleased to provide our comments to the Office
of Inspector General’s (OIG) draft report dated December 23, 2005, entitled Audit of FDIC’s
Security Certification and Accreditation Program.
Responses to the Recommendations:
- KPMG recommends that the Chief Information Officer strengthen the FDIC’s C&A policies,
procedures and guidelines by considering and addressing, as appropriate, the issues described in
this report.
Response: Concur
DIT has worked with the OIG audit team to begin assessing the observations made in the draft
report. DIT has drafted a matrix that documents DIT’s consideration of the observations. DIT
reviewed the status of this effort with the OIG and the Office of Enterprise Risk Management on
January 18, 2006. It was agreed that the provision of the completed matrix would satisfy the
recommendation and that the OIG would review DIT’s actions regarding these issues in the 2006
Federal Information Security Management Act evaluation. DIT will complete the matrix and
provide it to the OIG by April 5, 2006.
If you have any questions concerning this response, please contact Rack Campbell, Chief, Audit
and Internal Control Section, at (703) 516-1422.