CFPB Report: 2020-IT-C-021, November 2, 2020
The Federal Information Security Modernization Act of 2014 requires us to perform an annual, independent evaluation of the Bureau's information security program. We evaluated the program's maturity level (from a possible low of 1 to a possible high of 5) across several areas.
The Bureau continues to operate its information security program effectively at level 4 (managed and measurable). Nonetheless, the Bureau has opportunities to further strengthen its information security program—for example, by making policy and technology improvements to strengthen separation of duties controls in the Bureau's configuration management processes.
We are making a recommendation to strengthen the Bureau's information security program in the area of configuration management.