- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
CFPB Report: 2018-IT-C-018 October 31, 2018
The Federal Information Security Modernization Act of 2014 requires us to perform an annual, independent evaluation of the Bureau's information security program. We evaluated the program's maturity level (from a possible low of 1 to a possible high of 5) across several areas.
Overall, the Bureau's information security program is operating at level 3 (consistently implemented). The agency is performing several activities indicative of a higher maturity level but has opportunities to mature its program across all five Cybersecurity Framework functions.
We are making recommendations to strengthen the Bureau's information security program in the areas of configuration management, identity and access management, and data protection and privacy.