
CFPB Report: 2021-IT-C-015 October 29, 2021

2021 Audit of the Bureau's Information Security Program

The Federal Information Security Modernization Act of 2014 requires us to perform an annual, independent evaluation to determine the effectiveness of the Bureau's information security program. We evaluated the program's maturity level (from a possible low of 1 to a possible high of 5) across several areas.

The Bureau continues to operate its information security program effectively at level 4 (managed and measurable). Nonetheless, the Bureau has opportunities to further strengthen its information security program—for example, by improving its organizationwide cybersecurity risk management processes through the use of a cybersecurity risk register process.

We are making recommendations to strengthen the Bureau's information security program in the areas of risk and configuration management.