CFPB Report: 2018-IT-C-012R June 27, 2018
Mosaic is a public-facing system used by the Bureau to centrally collect, monitor, and respond to complaints about consumer financial products and services. Per the Federal Information Security Modernization Act of 2014, we evaluated information security controls for Mosaic.
Overall, the security controls we tested were effective, as were components of the planning, development, and delivery processes used for the system as they relate to the Bureau's risk management program. However, stronger identity and access management controls can ensure that the security control environment for Mosaic remains effective.
Our report includes one recommendation and several matters for management's consideration in the areas of audit and accountability, contingency planning, and configuration management.
Given the sensitivity of information security reviews, this report is restricted.
