Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2018-IT-C-018 October 31, 2018

2018 Audit of the Bureau's Information Security Program

available formats

The Federal Information Security Modernization Act of 2014 requires us to perform an annual, independent evaluation of the Bureau's information security program. We evaluated the program's maturity level (from a possible low of 1 to a possible high of 5) across several areas.

Overall, the Bureau's information security program is operating at level 3 (consistently implemented). The agency is performing several activities indicative of a higher maturity level but has opportunities to mature its program across all five Cybersecurity Framework functions.

We are making recommendations to strengthen the Bureau's information security program in the areas of configuration management, identity and access management, and data protection and privacy.