Evaluation of Third-Party Cybersecurity Risk Management Processes for Vendors Supporting the Main Street Lending Program (MSLP) and the Secondary Market Corporate Credit Facility (SMCCF)
In response to the economic effects of the COVID-19 pandemic, the Board created new lending programs and facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. To support the implementation of specific programs and facilities, the Federal Reserve Banks have contracted with third- party vendors for various services, such as administrative, custodial, legal, design, and investment management services. These vendors provide data generated from the operations and management of the facilities to the Reserve Banks, who then provide the data to the Board. We are evaluating the effectiveness of (1) the risk management processes designed to ensure that effective information security and data integrity controls are implemented by third parties supporting the administration of the MSLP and the SMCCF and (2) select security controls managed.